The Hacker News, 2 min read

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

A Chinese-speaking advanced persistent threat (APT) actor, identified as CL-STA-1062, has deployed a new custom backdoor named TinyRCT in cyberattacks targeting government entities and critical infrastructure in Southeast Asia. Palo Alto Networks Unit 42 reported this activity, noting that the campaign specifically focused on state-owned enterprises within the energy and government sectors. The TinyRCT backdoor is designed to establish command-and-control (C2) communication, allowing the threat actor to remotely execute commands on compromised systems.

This discovery highlights the ongoing cyber espionage efforts targeting regional governments and infrastructure. The attribution to a Chinese-speaking APT group suggests a state-sponsored motivation behind these attacks, aiming to gather intelligence or disrupt operations within the targeted nations. The use of a novel backdoor like TinyRCT indicates the continuous evolution of the attack methods these threat actors employ to evade detection and maintain persistent access.
