Intel Name: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia
Date of Scan: January 30, 2025
Impact: Medium
Summary: CL-STA-0048 is an espionage campaign targeting high-value organizations in South Asia, including a telecommunications company. The attackers, likely from China, use advanced techniques such as Hex Staging, DNS exfiltration, and SQLcmd for data theft. The campaign aims to steal personal and sensitive information, focusing on government employees. The threat actor exploits known vulnerabilities in IIS, Apache Tomcat, and MSSQL services, highlighting the need for organizations to patch these flaws and maintain strong IT hygiene to defend against similar attacks.