CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

A Chinese threat actor, tracked as CL-STA-0048, targeted high-value organizations in South Asia in a sophisticated espionage operation. The actor employed unique techniques such as “Hex Staging” for payload delivery and exfiltrated data over DNS using ping. The campaign aimed to steal sensitive information and establish persistent access, highlighting the need for organizations to patch vulnerabilities and maintain strong IT hygiene.
