China-linked Cyber Campaign Targets Southeast Asian Government

China-linked Cyber Campaign Targets Southeast Asian Government

First seen 31 Mar 2026, 19:00 UTC Securityaffairs.CoScworld 73% similarity 72.5

Article Content

Browse articles
ThreatCluster

In 2025, multiple China-linked threat groups executed a sophisticated cyber campaign against a Southeast Asian government, utilizing various malware families to achieve persistent access and exfiltrate sensitive data. The operation involved three distinct clusters: Mustang Panda, CL-STA-1048, and CL-STA-1049, each employing advanced techniques and a range of malware including HIUPAN, PUBLOAD, and FluffyGh0st. Mustang Panda notably used the USBFect worm for propagation via infected USB drives, facilitating lateral movement and data theft. The campaign spanned from March to September 2025, indicating a well-coordinated effort with significant resources. The impact of the attack remains under assessment, but the sophisticated nature of the operation suggests a serious breach of security for the affected government.

Key Points: • China-linked groups executed a complex cyber campaign against a Southeast Asian government in 2025. • The operation involved three clusters and multiple malware families, including PUBLOAD and FluffyGh0st. • Mustang Panda utilized the USBFect worm for malware propagation and data exfiltration.

ThreatCluster AI

Timeline

2025-03-01
CL-STA-1048 begins operations against Southeast Asian government
2025-06-01
Mustang Panda active from June to August
2025-09-01
Campaign concludes with ongoing assessments of impact

Community

Browse all →