CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A sophisticated cyberespionage campaign targeting high-value entities in South Asia, particularly a telecommunications organization, has been identified. The threat actor, tracked as CL-STA-0048, employed rare techniques such as 'Hex Staging' for payload delivery and DNS-based data exfiltration. The operation, likely originating from China, aimed to obtain personal information of government employees and sensitive organizational data. The attackers systematically exploited vulnerabilities in IIS, Apache Tomcat, and MSSQL services. They used various tools, including the PlugX backdoor, Cobalt Strike, and privilege escalation tools. The campaign's sophistication and objectives suggest a nation-state advanced persistent threat operation.
OPENCTI LABELS:
apt,cobalt strike,plugx,south asia