Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries

A state-sponsored cyberespionage group has hacked into the systems of government and critical infrastructure organizations across dozens of countries, Palo Alto Networks revealed on Thursday.

The security firm is tracking the threat actor as TGR-STA-1030 and the recently observed activity has been named Shadow Campaign.

Palo Alto Networks expressed high confidence that it’s a nation-state group operating out of Asia based on the use of regional tools and services, language preferences, targets, and operational infrastructure located in the region.

In addition, Palo Alto Networks noted that the attackers’ activity aligns with the GMT+8 timezone.

While the security firm has refrained from blaming a specific country for Shadow Campaign, the group’s operational footprint appears to align with the profile of a Chinese threat actor.

Evidence collected by Palo Alto’s researchers indicates that TGR-STA-1030 has compromised the systems of at least 70 organizations in 37 countries. Additionally, the ...