The Shadow Campaigns: Uncovering Global Espionage
Essential information
- Published: 05/02/2026 20:20
- Modified: 05/02/2026 20:40
- Tags: 2026-02-05 CVE-2019-11580 asia behinder cobalt strike cyberespionage diaoyu loader exploitation global godzilla government havoc infrastructure neo-regeorg phishing shadowguard sliver sparkrat vshell
- Related entities: 1 vulnerability (CVE), 22 observables, 1 intrusion set (APT), 10 malware, 55 others
Description
This investigation reveals a new cyberespionage group tracked as TGR-STA-1030, believed to be a state-aligned actor operating from Asia. Over the past year, the group has compromised government and critical infrastructure organizations in 37 countries, targeting ministries, law enforcement agencies, and departments responsible for economic, trade, and diplomatic functions. The group employs sophisticated phishing and exploitation techniques and uses a variety of tools and infrastructure to maintain persistent access. Its activities span the Americas, Europe, Asia, Oceania, and Africa, with a focus on countries exploring certain economic partnerships. The group's operations often coincide with significant geopolitical events and economic interests, particularly in sectors such as rare earth minerals and international trade agreements.