Unit42_Analysis_Targeting_Southeast_Asian
ID: 199caefa-1681-4a6c-a0a6-b68fcfdf2e6e
STIX ID: report--199caefa-1681-4a6c-a0a6-b68fcfdf2e6e
Threat Score: 50/100
Unit 42 documents a coordinated cyber-espionage campaign against a Southeast Asian government from June to August 2025. The report identifies three concurrent activity clusters (Stately Taurus, CL-STA-1048, CL-STA-1049) that used USB propagation, multiple loaders, and a range of RATs and stealers (USBFect/HIUPAN, PUBLOAD, CoolClient, EggStremeFuel, Masol, Gorem, TrackBak, Hypnosis loader, FluffyGh0st). It notes overlaps with China-aligned threat actors and provides extensive indicators of compromise.
