Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 339, Issue 4IT Vendor NewsPalo Alto Networks

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure

Palo Alto Networks, Thursday, June 25th, 2026

Unit 42 exposes CL-STA-1062, a Chinese-speaking group attacking Southeast Asian government and infrastructure targets.

This Unit 42 report details a campaign by Chinese-speaking threat actors tracked as CL-STA-1062, active since at least March 2022 against government entities and critical infrastructure in Southeast Asia.

The actors deployed a previously undocumented backdoor called TinyRCT alongside open-source tools such as SoftEther VPN and Mimikatz to compromise energy and government sector organizations.

Researchers analyze TinyRCT's capabilities, including command execution, file exfiltration, and screenshot capture. They assess the cluster as the same activity previously documented by Cisco Talos targeting Taiwanese infrastructure.

more →  ·  More from Palo Alto Networks →