Chinese APT CL-STA-1062 Uses TinyRCT Backdoor in Southeast Asia Cyber Campaign

Aggregated by BrevFeed security · updated 4d ago

A Chinese-speaking APT known as CL-STA-1062 has been linked to a new backdoor, TinyRCT, targeting government and critical infrastructure in Southeast Asia. This development highlights a sustained threat environment for state entities in the region.

Key points

Overview of Cyber Attacks

A Chinese-speaking advanced persistent threat (APT) known as CL-STA-1062 has been linked to a series of cyber attacks targeting government entities and critical infrastructure in Southeast Asia. These attacks have predominantly been aimed at state-owned enterprises within the energy and government sectors.

Details on TinyRCT Backdoor

The newly identified backdoor, TinyRCT, is a custom-built tool that allows attackers to execute arbitrary commands, enumerate files, exfiltrate data, capture screens, and delete itself from compromised systems. This backdoor marks a significant development in CL-STA-1062's operational capabilities, diversifying the hybrid toolkit the group previously relied on.

Historical Context

Unit 42's report indicates CL-STA-1062 has targeted strategic sectors in East Asia since March 2022, with previous operations showing overlaps with UAT-7237, a group known for targeting web infrastructure in Taiwan. The group's sustained focus on Southeast Asia presents a growing concern for regional cybersecurity.

Recent Incidents

In September 2025, CL-STA-1062 successfully infiltrated a government entity, deploying a web shell to exfiltrate data from an MS SQL server. They conducted network reconnaissance on another government entity, highlighting an effort to expand their access and potentially leverage lateral movement within compromised networks.

Wider Impact

Between October and December 2025, breaches affecting at least ten different organizations in Southeast Asia were reported, reflecting the extensive operations of CL-STA-1062. This underscores the critical need for heightened cybersecurity measures across vulnerable sectors in the region.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.
