
New APT group breached gov and critical infrastructure orgs in 37 countries
A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that combines phishing, exploitation kits, custom malware, Linux rootkits, web shells, and a variety of tunneling and proxy tools. Researchers believe the group is expanding its activities and is conducting active reconnaissance on even more targets. “Between November and December 2025, we observed the group conducting active reconnaissance against government infrastructure associated with 155 countries,” researchers from security firm Palo Alto Networks said in a new report. Palo Alto tracks th...