Cybersecurity Brief – 2025-08-03
Major Incidents or Breaches
- Telecommunications organizations in Southeast Asia have been targeted by the state-sponsored threat actor CL-STA-0969, which installed covert malware to enable remote control and espionage over a 10-month campaign. The activity is attributed to a persistent and sophisticated espionage operation targeting telecom infrastructure.
Newly Discovered Vulnerabilities
- Security researchers have identified a previously undocumented Linux backdoor named “Plague.” The malware is implemented as a malicious Pluggable Authentication Module (PAM), allowing silent credential theft and persistent access. Plague has evaded detection for approximately one year and poses a significant risk to affected Linux systems.
Notable Threat Actor Activity
- CL-STA-0969 has demonstrated advanced capabilities in maintaining long-term covert access within targeted telecom networks, utilising custom malware for remote control and data exfiltration.
Trends, Tools, or Tactics of Interest
- The Plague backdoor abuses the Linux PAM framework to remain undetected and to sustain credential theft, highlighting threat actors' increased focus on authentication mechanisms in Linux environments.
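Because a malicious PAM module only works if it is referenced from the PAM configuration and present in the module directory, a defender can audit exactly those two places. The following shell script is an added example, not part of the original brief and not derived from any published Plague analysis: it lists every module referenced under a pam.d directory, reports any that do not exist in the expected module directory, and (on a real host) reports module files that no package claims. The module and file names in the constructed sample tree (`pam_unexpected_example.so`, the `sshd` snippet) are hypothetical.

```shell
#!/bin/sh
# Added example: audit PAM configuration for modules that are not part of the
# expected module directory. Not part of the original brief.

# list_pam_modules DIR: print the module file names referenced by every
# config file under DIR (e.g. /etc/pam.d), one per line, de-duplicated.
list_pam_modules() {
    dir="$1"
    # Fields: type control module-path [args]; the type may carry a leading
    # '-' (optional module). Strip comments, skip blank and @include lines,
    # and reduce absolute module paths to their basename.
    cat "$dir"/* 2>/dev/null \
      | sed 's/#.*//' \
      | awk 'NF >= 3 && $1 !~ /^@/ { print $3 }' \
      | sed 's#.*/##' \
      | sort -u
}

# unexpected_pam_modules PAMD_DIR MODULE_DIR: print modules referenced in
# PAMD_DIR that do not exist as files in MODULE_DIR.
unexpected_pam_modules() {
    pamd="$1"; moddir="$2"
    for m in $(list_pam_modules "$pamd"); do
        [ -f "$moddir/$m" ] || echo "$m"
    done
}

# unowned_pam_modules MODULE_DIR: print .so files in MODULE_DIR that no
# package claims (dpkg or rpm); a dropped module file would show up here.
unowned_pam_modules() {
    moddir="$1"
    for f in "$moddir"/*.so; do
        [ -f "$f" ] || continue
        if command -v dpkg >/dev/null 2>&1; then
            dpkg -S "$f" >/dev/null 2>&1 || echo "$f"
        elif command -v rpm >/dev/null 2>&1; then
            rpm -qf "$f" >/dev/null 2>&1 || echo "$f"
        else
            echo "$f"   # no package manager: cannot vouch for any file
        fi
    done
}

# build_demo: constructed sample tree so the audit runs offline. Prints the
# temp root; the caller removes it when done.
build_demo() {
    root=$(mktemp -d)
    mkdir -p "$root/pam.d" "$root/modules"
    # Constructed config: one legitimate module and one that is not installed.
    cat > "$root/pam.d/sshd" <<'EOF'
# PAM configuration for sshd (constructed sample)
auth       required     pam_unix.so
-auth      optional     pam_unexpected_example.so   # hypothetical name
account    required     pam_unix.so
@include common-session
EOF
    : > "$root/modules/pam_unix.so"
    echo "$root"
}

# On a real host, run for example:
#   unexpected_pam_modules /etc/pam.d /lib/x86_64-linux-gnu/security
#   unowned_pam_modules /lib/x86_64-linux-gnu/security
# (the module directory varies by distribution).
```

Run against the constructed tree, `unexpected_pam_modules` flags only `pam_unexpected_example.so`. On a live system, pair the configuration check with the package-ownership check and with a file-integrity baseline of the module directory, since a module that is both referenced and present can still be a replacement for a legitimate one.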
Regulatory or Policy Developments Affecting the Security Industry
- The US Congress is expediting legislation aimed at censoring lawmakers’ personal information online, reflecting heightened concern over privacy and the exposure of sensitive data for public officials.