Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

A Chinese-speaking APT group tracked as CL-STA-1062 has been linked to attacks on government entities and critical infrastructure in Southeast Asia using a new custom backdoor called TinyRCT. The campaign combines open-source tools with tailored malware to steal data, maintain access, and target sectors including energy and government. #CL-STA-1062 #TinyRCT #UAT-7237 #SoftEtherVPN #Mimikatz #VNT

Key points

  • CL-STA-1062 targeted government and critical infrastructure organizations in Southeast Asia.
  • The group used a new custom backdoor named TinyRCT for remote access and data theft.
  • Attackers also relied on open-source tools like SoftEther VPN, Mimikatz, and VNT.
  • The campaign used ASPX web shells, web reconnaissance, and MS SQL data exfiltration.
  • TinyRCT was delivered through a malicious ZIP file using DLL side-loading and AppDomainManager injection.

Read More: https://thehackernews.com/2026/06/chinese-speaking-apt-deploys-new.html