Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia

A suspected Chinese state-sponsored espionage campaign targeting Southeast Asian military organizations has been identified, with activity traced back to at least 2020. Designated CL-STA-1087, the operation demonstrates strategic patience and focused intelligence collection on military capabilities and structures. The attackers deployed custom tools, including the AppleChris and MemFun backdoors and a modified Mimikatz variant called Getpass. The campaign is characterized by the use of dead drop resolvers, custom HTTP verbs, and anti-forensic techniques. Infrastructure analysis reveals long-term persistence and operational compartmentalization. The activity aligns with Chinese working hours and uses China-based cloud infrastructure, suggesting a Chinese nexus.

Pulse ID: 69b7da7a6e515e00f9cb4184
Pulse Link: https://otx.alienvault.com/pulse/69b7da7a6e515e00f9cb4184
Pulse Author: AlienVault
Created: 2026-03-16 10:24:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #China #Chinese #Cloud #CyberSecurity #Espionage #HTTP #InfoSec #Military #OTX #OpenThreatExchange #RAT #bot #AlienVault
