Researchers Uncover Southeast Asia Government Cyberespionage Campaign

Unit 42 researchers uncovered a persistent cyberespionage campaign targeting a government organization in Southeast Asia between June 1 and Aug. 15, 2025. Analysts identified USBFect (aka HIUPAN) USB-propagated malware deploying the PUBLOAD backdoor, plus two distinct clusters CL-STA-1048 (EggStremeFuel, Masol, Gorem, TrackBak) and CL-STA-1049 (Hypnosis loader deploying FluffyGh0st). Overlaps with China-aligned groups suggest coordinated efforts and persistent access.Read More