Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication


Activity Timeline

- Jul 14, 10:00: Palo Alto Unit 42 (Primary Article), "Behind the Clouds: Attackers Targeting Governments..."
- Jul 15, 07:52: GB Hackers, "Government Organizations Targeted via AWS Lambda U..."
- Jul 15, 10:26: Cybersecurity News, "Hackers Leveraging AWS Lambda URLs Endpoints to At..."
By: Lior Rochberger
Published: July 14, 2025
Categories: Malware, Threat Actor Groups
Tags: AWS, Backdoor, C2, CL-STA-1020, DLL Sideloading, Dropbox, Google Drive, Microsoft, Serverless

Executive Summary

Since late 2024, Unit 42 researchers have been tracking a cluster of suspicious activity as CL-STA-1020, targeting governmental entities in Southeast Asia. The threat actors behind this cluster of activity have been collecting sensitive information from government agencies, including information about recent tariffs and trade disputes.

This campaign is particularly noteworthy due to its novel tradecraft. The threat actors have developed a previously undocumented Windows backdoor, which we named HazyBeacon. This backdoor leverage...
