A China-linked cyber espionage group has been infiltrating military organizations’ networks in several Southeast Asian countries for over five years to steal strategic and military information, according to a new report from cybersecurity company Palo Alto Networks.
Researchers have identified this malicious activity under the label CL-STA-1087, suggesting that it could be a state-supported or geopolitically motivated actor.
This group has been present within the affected networks since at least 2020 and has shown a distinctive style: avoiding detection for long periods, lying dormant, and resuming the collection of sensitive data when least expected.
In many cases, the intruders have had access to the systems for entire months without being ‘caught,’ collecting very specific information about military capabilities, command structures, and collaborations with Western armed forces.
Ad hoc tools
The attackers did not rely on generic malware but on custom-developed tools built for this campaign.
Among these were programs that open backdoors to maintain persistent access, such as AppleChris and MemFun. They also used Getpass, a tool designed to capture credentials such as usernames and passwords. Additionally, they employed malicious PowerShell scripts to execute instructions remotely on the affected devices.
These ‘weapons’ have allowed the cybercriminals to remain inside the attacked networks, move between devices, and search for files of interest without attracting the attention of internal defenses.
Researchers note that the attackers’ interest was not in stealing large amounts of general data but in finding highly specific information, such as documents on how armies are structured, assessments of operational capabilities, communication plans, and records of meetings with allied forces, especially from Western countries. This type of information is valuable not for its volume but for its strategic value, because it provides insight into the technologies and military alliances of opposing forces.
This campaign is just one of many carried out by Beijing and associated APT groups. In recent years, multiple incidents have been reported involving China-linked groups that have attacked everything from government entities to critical infrastructure in different regions.
