USB Malware and RATs Target Southeast Asian Government in Cyberespionage Campaign

Severity: High (Score: 70.5)

Sources: Cybersecuritynews, Gbhackers

Summary

Between June and August 2025, a coordinated cyberespionage operation targeted a Southeast Asian government organization. Attackers deployed USB-propagated malware, including a variant named USBFect (also known as HIUPAN), which facilitates the installation of the PUBLOAD backdoor for lateral movement within the network. The operation involved multiple remote access trojans (RATs) and custom data stealers to maintain long-term access to sensitive systems. Analysts identified three separate clusters of activity occurring simultaneously, indicating a sophisticated and well-planned attack strategy. The full scope of the impact is still being assessed, but the use of USB devices as an attack vector highlights a significant security vulnerability. Investigations into the breach are ongoing, and potential mitigation strategies are being developed.

Key Points

  • Attackers used USBFect malware to target a Southeast Asian government.
  • The operation involved multiple RATs and custom data stealers for long-term access.
  • Three clusters of coordinated activity were identified during the attack.

Key Entities

  • Malware (attack_type)
  • Trojan (attack_type)
  • Government (industry)
  • Hiupan (malware)
  • Pubload (malware)
  • USBFect (malware)
  • T1091 - Replication Through Removable Media (mitre_attack)