Since 2025, an ongoing cyberespionage campaign linked to an Asian country has compromised at least 70 organizations in 37 countries. The campaign has been described as the most active espionage operation since the 2020 SolarWinds hack. The hacking group, tracked by Palo Alto Networks as TG-STA-1030, targets government agencies, critical infrastructure, and diplomatic entities, gaining initial access through conventional phishing and zero-day vulnerabilities. Victims include Brazil’s Ministry of Mines and Energy, the Czech Republic’s parliament and army, an Indonesian government official, and a Taiwanese power equipment supplier. Government entities in Bolivia, Brazil, Mexico, Panama, Venezuela, Cyprus, Greece, Indonesia, Malaysia, Mongolia, Taiwan, Thailand, the Democratic Republic of the Congo, Djibouti, and Zambia were affected. The group uses Linux kernel rootkits to hide its activity and moves laterally within networks to maintain access. There is a strategic focus on economic intelligence, including espionage following the 2025 Honduran elections and incidents surrounding Venezuela and China trade investigations. The campaign also attempted intrusions into Australia’s Treasury, Afghanistan’s Ministry of Finance, and Nepal’s Prime Minister’s office. Palo Alto Networks has not accused a specific government but notes that the campaign is run by a state-aligned Asian group. The operation poses long-term risks to national security and critical infrastructure.
Category: Cyber & Information Warfare
Subcategory: Cyber Attacks
Incident Type: Hacking, malware, ransomware
Country: Multiple countries
Source report: www.axios.com/2026/02/0…