The cyber campaign by CL-STA-0969 against Southeast Asian telecommunications infrastructure is characterized by secrecy and advanced tactics, and employs a variety of malware and evasion techniques. While no data was exfiltrated, the group demonstrates a sophisticated understanding of telecom protocols and infrastructure. #CL-STA-0969 #LiminalPanda #LightBasin #GTPDOOR
Key points
- CL-STA-0969 targeted telecommunications organizations in Southeast Asia using multiple tools and evasive techniques.
- The threat actor employed brute-force attacks and various implants like AuthDoor, Cordscan, and ChronosRAT for persistent access.
- Overlaps exist between CL-STA-0969, Liminal Panda, LightBasin, and other threat groups with shared tools and tactics.
- The attacks focused on maintaining stealth through log clearing, traffic tunneling, and disguising process names.
- While no data exfiltration was observed, the group demonstrated deep knowledge of telecom protocols and infrastructure security.
Read More: https://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html