
"A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155 countries between November and December 2025."
"Some of the entities that have been successfully compromised include five national-level law enforcement/border control entities, three ministries of finance and other government ministries, and departments that align with economic, trade, natural resources, and diplomatic functions. The activity is being tracked by the cybersecurity company under the moniker TGR-STA-1030, where "TGR" stands for temporary threat group and "STA" refers to state-backed motivation. Evidence shows that the threat actor has been active since January 2024."
An Asia-based cyber espionage group breached the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, and conducted active reconnaissance against government infrastructure associated with 155 countries between November and December 2025. Victims include national law enforcement and border control agencies, finance ministries, and departments handling economic, trade, natural resources, and diplomatic functions. The campaign, tracked as TGR-STA-1030, has been active since January 2024. The assessment favors an Asian origin based on tooling, service choices, language settings, and GMT+8 operating hours. Attacks start with phishing links to MEGA, which hosts a ZIP containing Diaoyu Loader and a zero-byte pic1.png; the malware uses dual-stage guardrails, including a horizontal resolution requirement of >=1440 and an environmental dependency on pic1.png.
Read at The Hacker News