CL-STA-1020

Also known as: CL-STA-1020

Known aliases: 1

Profile

CL-STA-1020 targets Southeast Asian government networks and uses AWS Lambda Function URLs configured with AuthType: NONE for stealthy command-and-control (C2) communication. The actor has been observed collecting sensitive information from governmental entities, including data on tariffs and trade disputes. An investigation revealed a new Windows backdoor named HazyBeacon, which uses this novel C2 technique. This activity cluster has made significant efforts to remain undetected while carrying out its operations.

Aliases · 1

CL-STA-1020

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: CL-STA-1009
Actor: CL-STA-1087
Actor: CL-STA-0048
Actor: CL-UNK-1068
Actor: UNC6619
Actor: Unfading Sea Haze

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.