CL-STA-1087 targets military capabilities since 2020
China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk […]
A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware.
“The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk data theft. The attackers behind this cluster actively searched for and collected highly specific files concerning military capabilities, organizational structures and collaborative efforts with Western armed forces.” reads the report published by Palo Alto Networks. “The objective-oriented tool set used in the malicious activity includes several newly discovered assets: the AppleChris and MemFun backdoors, and a custom Getpass credential harvester.”
Source: https://securityaffairs.com/189553/apt/cl-sta-1087-targets-military-capabilities-since-2020.html
Related breach coverage
- China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware2026-01-09
China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational […]
- China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks2026-03-27
China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly […]
- Suspected Russian hackers deploy CANFAIL malware against Ukraine2026-02-14
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional […]
- China-linked APT UAT-8837 targets North American critical infrastructure2026-01-17
Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. “Cisco Talos is closely tracking […]