{"id":185402,"date":"2026-02-05T11:23:00","date_gmt":"2026-02-05T16:23:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/05\/asian-governments-espionage-campaign-breached-critical-infrastructure-in-37-countries\/"},"modified":"2026-02-07T13:40:27","modified_gmt":"2026-02-07T18:40:27","slug":"asian-governments-espionage-campaign-breached-critical-infrastructure-in-37-countries","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/05\/asian-governments-espionage-campaign-breached-critical-infrastructure-in-37-countries\/","title":{"rendered":"Asian government\u2019s espionage campaign breached critical infrastructure in 37 countries"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/asian-governments-espionage-campaign-breached-critical-infrastructure-in-3\/811472\/\">Asian government\u2019s espionage campaign breached critical infrastructure in 37 countries<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/asian-governments-espionage-campaign-breached-critical-infrastructure-in-3\/811472\/\">https:\/\/www.cybersecuritydive.com\/news\/asian-governments-espionage-campaign-breached-critical-infrastructure-in-3\/811472\/<\/a><\/p>\n<p>Publish Date: 2026-02-05 11:23:00<\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n
<p>Dive Brief:<\/p>\n<p>Hackers working for an Asian government have breached at least 70 government agencies and critical infrastructure organizations in 37 countries over the past year as part of an espionage campaign likely aimed at collecting information about rare earth minerals, trade deals and economic partnerships, Palo Alto Networks said in a report published on Thursday.<br \/>\n\u201cWhile this group might be pursuing espionage objectives,\u201d researchers with the company\u2019s Unit 42 group wrote in the report, \u201cits methods, targets and scale of operations are alarming, with potential long-term consequences for national security and key services.\u201d<br \/>\nThe security firm provided indicators of compromise and described the threat actor\u2019s techniques and infrastructure.<\/p>\n<p>Dive Insight:<br \/>\nIn addition to penetrating targets in 37 countries \u2014 including law-enforcement agencies, finance ministries and trade departments \u2014 the threat actor has cast a much wider net, conducting reconnaissance against government networks in 155 countries between November and December, according to Palo Alto Networks\u2019 report.<br \/>\nThe company did not attribute the activity of the group \u2014 which it tracks as TGR-STA-1030 \u2014 to a specific country, but its description of the group aligns closely with the objectives of the Chinese government.<br \/>\nThe group\u2019s victims, according to Palo Alto Networks, have included Brazil\u2019s energy ministry, a key agency in the country that is believed to possess the world\u2019s second-largest supply of rare earth minerals; Greece\u2019s Syzefxis Project, which is designed to improve public services through faster internet connections; a Mongolian police agency, which experienced a breach shortly before Mongolia\u2019s justice minister \u201cmet with a counterpart from an Asian nation\u201d; and several \u201cnational-level telecommunications companies.\u201d<br \/>\nThe hackers 
also penetrated \u201ca major supplier in Taiwan\u2019s power equipment industry,\u201d according to the report. And while an Indonesian airline was negotiating the purchase of airplanes from a U.S. manufacturer, the hackers breached the airline\u2019s networks. \u201cAt the same time,\u201d the report said, \u201ca competing interest was actively promoting aircraft from a manufacturer based in Southeast Asia.\u201d<br \/>\nOther attacks pointed even more clearly at Beijing. Weeks after the Czech Republic\u2019s president met with the Dalai Lama, hackers began scanning the networks of the Czech military, the national police, the parliament and multiple national government bureaus. And on Oct. 31, one month before Honduras held a presidential election \u201cin which both candidates signaled openness to restoring diplomatic relations with Taiwan,\u201d the report said, the hackers targeted at least 200 Honduran government IP addresses \u2014 one of their most intense periods of activity on record.<br \/>\nThe group\u2019s tooling includes a phishing-delivered malware loader originally named DiaoYu, the Chinese word for \u201cfishing,\u201d which scans for a handful of antivirus products before deploying a Cobalt Strike payload. The group has tried to exploit vulnerabilities in Microsoft Exchange Server, SAP Solution Manager and more than a dozen other products and services, researchers said.<br \/>\nPalo Alto Networks also observed the hackers using a unique rootkit, which the security firm dubbed ShadowGuard, to stealthily run inside the Linux kernel\u2019s Extended Berkeley Packet Filter (eBPF) virtual machine. \u201ceBPF backdoors are notoriously difficult to detect because they operate entirely within the highly trusted kernel space,\u201d researchers wrote. 
\u201cThis allows them to manipulate core system functions and audit logs before security tools or system monitoring applications can see the true data.\u201d<br \/>\nThat tradecraft aligns with recent research on China-linked groups\u2019 use of sophisticated malware.<br \/>\nThe threat actor \u201capplies a multi-tiered infrastructure approach to obfuscate its activities,\u201d researchers wrote, but some of the group\u2019s activity still revealed clues about its origins. In some cases, the report said, the hackers connected to victims\u2019 networks from IP addresses belonging to China Mobile Communications Group, one of China\u2019s most important backbone providers.<br \/>\nPalo Alto Networks said its analysis suggested the hackers had been active since January 2024. The group \u201cremains an active threat to government and critical infrastructure worldwide,\u201d it warned.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Asian government\u2019s espionage campaign breached critical infrastructure in 37 countries https:\/\/www.cybersecuritydive.com\/news\/asian-governments-espionage-campaign-breached-critical-infrastructure-in-3\/811472\/ Publish Date: 2026-02-05 
11:23:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":185403,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/qKrhbPQymPgBKdugKve0YiYqnL_CCH6S-B6aadvjFpo\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMjU2NjI3NDU1LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,31,32,25,34],"class_list":["post-185402","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-exploit","tag-malware","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185402"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=185402"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185402\/revisions"}],"predecessor-version":[{"id":185404,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185402\/revisions\/185404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/185403"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=185402"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=185402"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\
/tags?post=185402"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}