logo

China-Linked Group Targets Southeast Asia Critical Systems

ID: c386e96f-bfed-56da-b4c9-f6b84e72b48b

STIX ID: report--c386e96f-bfed-56da-b4c9-f6b84e72b48b

Feed Name: Dark Reading

Threat Score
85/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: Robert Lemos

...
...

Palo Alto Networks Unit 42 reports that a China-linked APT, CL-STA-1062 (likely same as Cisco Talos' UAT-7237), has targeted electricity, water, government and military organizations in Southeast Asia using a novel, stealthy C# RAT named TinyRCT. The implant includes anti-analysis and self-destruct features, masquerades as legitimate binaries (e.g., PerfWatson2.exe), and supports remote command execution, fingerprinting and exfiltration; researchers observed lateral movement and persistence but limited evidence of OT-specific payloads, leaving open whether the group performs espionage end-to-end or serves as an initial-access broker.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.