logo

China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor

ID: e789e712-7a03-5585-932f-d3427ad72735

STIX ID: report--e789e712-7a03-5585-932f-d3427ad72735

Feed Name: Infosecurity Magazine (News)

Threat Score
88/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

...
...

Unit 42 uncovered a sustained China-linked APT campaign (CL-STA-1062) targeting government and state-owned energy organizations across Southeast Asia since at least March 2022; the actors used a mix of open-source tooling (SoftEther, Mimikatz, VNT) and a newly observed custom backdoor, TinyRCT, which enables persistent access, arbitrary command execution, file exfiltration, screenshots, encrypted C2, and a self-destruct capability — researchers assess the activity as high-confidence state-linked and observed compromises of multiple critical infrastructure entities in 2025.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.