CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

A state-sponsored threat actor, CL-STA-0969, targeted telecommunications organizations in Southeast Asia, deploying malware to enable remote control and collect location data. The attacks, which occurred between February and November 2024, utilized various tools and techniques to maintain stealth and evade detection. While no data exfiltration was observed, the threat actor’s actions demonstrate a deep understanding of telecommunications protocols and infrastructure.