Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Summary

Three threat activity clusters with suspected Chinese nexus launched a coordinated, well-resourced campaign against a Southeast Asian government organization in 2025. The operation deployed multiple malware families including HIUPAN (USBFect), PUBLOAD, EggStremeFuel (RawCookie), and EggStremeLoader (Gorem RAT). The campaign is characterized as complex and sophisticated, indicating sustained state-sponsored cyber operations in the region.

Indicators of Compromise

• malware — HIUPAN
• malware — PUBLOAD
• malware — EggStremeFuel
• malware — EggStremeLoader
• malware — MASOL