A recent cybersecurity report has shed light on a complex and well-resourced operation involving three threat activity clusters linked to China, targeting a government organization in Southeast Asia in 2025.
The campaign, characterized by its sophistication and scale, has resulted in the deployment of multiple malware families, including HIUPAN (also tracked as USBFect, MISTCLOAK, or U2DiskWatch), highlighting the diverse arsenal at the disposal of these threat actors.
Further analysis has revealed the use of additional malware families such as PUBLOAD, EggStremeFuel (also referred to as RawCookie), and EggStremeLoader (known as Gorem RAT), indicating a broad and adaptable approach to achieving their objectives.
The inclusion of MASOL in the list of deployed malware underscores the threat actors’ ability to utilize a wide range of tools, each potentially serving different purposes within the campaign, from initial compromise to persistent access and data exfiltration.
These findings emphasize the need for enhanced cybersecurity measures, particularly for government entities in Southeast Asia, to protect against such targeted and resourceful attacks.
The ongoing nature of these threats necessitates continuous monitoring and updating of defense strategies to counter the evolving tactics, techniques, and procedures (TTPs) of these China-linked clusters.
Source: Original Article
