China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor
ID: e789e712-7a03-5585-932f-d3427ad72735
STIX ID: report--e789e712-7a03-5585-932f-d3427ad72735
Feed Name: Infosecurity Magazine (News)
Unit 42 uncovered a sustained China-linked APT campaign (CL-STA-1062) targeting government and state-owned energy organizations across Southeast Asia since at least March 2022; the actors used a mix of open-source tooling (SoftEther, Mimikatz, VNT) and a newly observed custom backdoor, TinyRCT, which enables persistent access, arbitrary command execution, file exfiltration, screenshots, encrypted C2, and a self-destruct capability — researchers assess the activity as high-confidence state-linked and observed compromises of multiple critical infrastructure entities in 2025.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
