A major cyber espionage campaign attributed to an activity cluster tracked as CL-STA-1062, suspected to be run by Chinese-speaking operators, has compromised at least ten organizations across Southeast Asia, targeting critical energy infrastructure and government entities. On compromised networks the attackers deployed a new custom malware, TinyRCT, which gives them remote command execution on infected hosts and a channel for data exfiltration.
The campaign escalated significantly in late 2025. Initial access came through web application vulnerabilities, after which the attackers deployed open-source tunneling software renamed to look like legitimate applications, a common way to keep a covert command channel open through perimeter controls. The impact on the operational security of the affected organizations is significant, but no financial damages have been quantified. Experts recommend prompt patching of the exploited web applications and stronger network defenses, including monitoring for tunneling tools that have no business running on the affected hosts.
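Two of the behaviours described above are detectable from ordinary endpoint telemetry: a tunneling binary renamed to blend in, and a process spawned by a web server worker after a web application is exploited. The following is an added example, not code from the reporting on CL-STA-1062 or from any vendor; it assumes Sysmon-style process-creation records that carry the image path, the PE OriginalFileName from the version resource, and the parent image. The tool watchlist, the web-worker list and the sample events are constructed for illustration.

```python
"""Hunt for masqueraded tunneling tools in process-creation telemetry.

Added example, not code from the CL-STA-1062 reporting. Assumes Sysmon-style
process-creation records (Event ID 1) exposing Image, OriginalFileName and
ParentImage. Watchlists and sample events below are constructed.
"""
import ntpath
from dataclasses import dataclass

# Illustrative watchlist of OriginalFileName values for open-source tunneling
# tools that intruders commonly rename. Assumption: the builds carry PE
# version info; Go-built tools often do not, so pair this with hash matching.
TUNNEL_TOOL_NAMES = {"chisel.exe", "frpc.exe", "ngrok.exe", "plink.exe"}

# Web-server worker processes. A child spawned by one of these points at a
# web shell or an exploited web application as the entry point.
WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe", "tomcat9.exe"}


@dataclass
class ProcEvent:
    image: str               # full path of the started executable
    original_file_name: str  # PE version-info OriginalFileName, "-" if absent
    parent_image: str        # full path of the parent process
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name; ntpath accepts both backslash and slash."""
    return ntpath.basename(path).lower()


def analyze(ev: ProcEvent) -> list[str]:
    """Return the findings for one event; an empty list means nothing matched."""
    findings: list[str] = []
    img = basename(ev.image)
    orig = ev.original_file_name.lower()
    parent = basename(ev.parent_image)

    # Masquerading: the on-disk name differs from the name compiled into the
    # binary, and the compiled-in name is a known tunneling tool.
    if orig != "-" and orig != img and orig in TUNNEL_TOOL_NAMES:
        findings.append(f"masquerade: {img} is really {orig}")
    elif img in TUNNEL_TOOL_NAMES:
        findings.append(f"tunneling tool executed: {img}")

    # Web worker spawning a process: consistent with web application exploitation.
    if parent in WEB_WORKERS:
        findings.append(f"spawned by web worker {parent}")
    return findings


def hunt(events: list[ProcEvent]) -> dict[str, list[str]]:
    """Map each suspicious image path to its findings; benign events are dropped."""
    return {ev.image: f for ev in events if (f := analyze(ev))}


# Constructed telemetry, not real campaign data.
SAMPLE_EVENTS = [
    # Renamed frpc dropped by a web shell running under IIS.
    ProcEvent(r"C:\ProgramData\Microsoft\svchost.exe", "frpc.exe",
              r"C:\Windows\System32\inetsrv\w3wp.exe",
              r"svchost.exe -c C:\ProgramData\Microsoft\frpc.ini"),
    # Legitimate svchost started by the service control manager.
    ProcEvent(r"C:\Windows\System32\svchost.exe", "svchost.exe",
              r"C:\Windows\System32\services.exe", "svchost.exe -k netsvcs"),
    # Binary with no version info started by the user: not caught by this
    # check, which is exactly why a hash or command-line signal is needed too.
    ProcEvent(r"C:\Users\Public\update.exe", "-",
              r"C:\Windows\explorer.exe", "update.exe client -p 443"),
]

if __name__ == "__main__":
    for image, findings in hunt(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(findings))
```

The third sample event is deliberately left undetected: a Go-built tunneling client carries no OriginalFileName, so in practice this rule should run alongside file-hash matching and an allowlist of where tunneling tools are permitted to run at all.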