"Palo Alto Networks expressed high confidence that it's a nation-state group operating out of Asia based on the use of regional tools and services, language preferences, targets, and operational infrastructure located in the region. In addition, Palo Alto Networks noted that the attackers' activity aligns with the GMT+8 timezone. While the security firm has refrained from blaming a specific country for Shadow Campaign, the group's operational footprint appears to align with the profile of a Chinese threat actor."
"Evidence collected by Palo Alto's researchers indicates that TGR-STA-1030 has compromised the systems of at least 70 organizations in 37 countries. Additionally, the hackers' reconnaissance activity has targeted government infrastructure across 155 countries. Advertisement. Scroll to continue reading. Targets included national law enforcement and border control agencies, ministries of finance, and government departments focusing on trade, natural resources, and diplomacy."
TGR-STA-1030, tracked as Shadow Campaign, conducted widespread cyberespionage against government and critical infrastructure across dozens of countries. The group shows high confidence of being a nation-state actor operating from Asia based on regional tools, language preferences, targets, and regional operational infrastructure, with activity aligning to the GMT+8 timezone. While no specific country has been blamed, the operational footprint aligns with a Chinese threat actor profile. Researchers attribute compromises of at least 70 organizations in 37 countries, with reconnaissance targeting government infrastructure in 155 countries. Targets include national law enforcement, border control, ministries of finance, trade, natural resources, diplomacy, parliaments, telecoms, and police organizations. Monitoring began in early 2025, with infrastructure suggesting earlier activity.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]