{
  "name": "The Shadow Campaigns: Uncovering Global Espionage",
  "slug": "the-shadow-campaigns-uncovering-global-espionage",
  "description": "This investigation reveals a new cyberespionage group tracked as TGR-STA-1030, believed to be a state-aligned actor operating from Asia. Over the past year, the group has compromised government and critical infrastructure organizations in 37 countries, targeting ministries, law enforcement agencies, and departments related to economic, trade, and diplomatic functions. The group employs sophisticated phishing and exploitation techniques, leveraging various tools and infrastructure to maintain persistent access. Its activities span the Americas, Europe, Asia, Oceania, and Africa, with a focus on countries exploring certain economic partnerships. The group's operations often coincide with significant geopolitical events and economic interests, particularly in sectors like rare earth minerals and international trade agreements.",
  "published": "2026-02-05T19:20:38+00:00",
  "created_at": "2026-02-05T19:20:38+00:00",
  "modified_at": "2026-02-05T19:40:30+00:00",
  "created_at_opencti": "2026-02-05T19:20:38+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-02-05",
    "CVE-2019-11580",
    "asia",
    "behinder",
    "cobalt strike",
    "cyberespionage",
    "diaoyu loader",
    "exploitation",
    "global",
    "godzilla",
    "government",
    "havoc",
    "infrastructure",
    "neo-regeorg",
    "phishing",
    "shadowguard",
    "sliver",
    "sparkrat",
    "vshell"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "142.91.105.172"
      },
      {
        "id": "",
        "name": "159.203.164.101"
      },
      {
        "id": "",
        "name": "208.85.21.30"
      },
      {
        "id": "",
        "name": "146.190.152.219"
      },
      {
        "id": "",
        "name": "188.127.251.171"
      },
      {
        "id": "",
        "name": "157.245.194.54"
      },
      {
        "id": "",
        "name": "178.128.60.22"
      },
      {
        "id": "",
        "name": "188.166.210.146"
      },
      {
        "id": "",
        "name": "178.128.109.37"
      },
      {
        "id": "",
        "name": "157.230.34.45"
      },
      {
        "id": "",
        "name": "138.197.44.208"
      },
      {
        "id": "",
        "name": "293821e049387d48397454d39233a5a67d0ae06d59b7e5474e8ae557b0fc5b06"
      },
      {
        "id": "",
        "name": "c876e6c074333d700adf6b4397d9303860de17b01baa27c0fa5135e2692d3d6f"
      },
      {
        "id": "",
        "name": "66ec547b97072828534d43022d766e06c17fc1cafe47fbd9d1ffc22e2d52a9c0"
      },
      {
        "id": "",
        "name": "7808b1e01ea790548b472026ac783c73a033bb90bbe548bf3006abfbcb48c52d"
      },
      {
        "id": "",
        "name": "5175b1720fe3bc568f7857b72b960260ad3982f41366ce3372c04424396df6fe"
      },
      {
        "id": "",
        "name": "358ca77ccc4a979ed3337aad3a8ff7228da8246eebc69e64189f930b325daf6a"
      },
      {
        "id": "",
        "name": "5ddeff4028ec407ffdaa6c503dd4f82fa294799d284b986e1f4181f49d18c9f3"
      },
      {
        "id": "",
        "name": "9ed487498235f289a960a5cc794fa0ad0f9ef5c074860fea650e88c525da0ab4"
      },
      {
        "id": "",
        "name": "182a427cc9ec22ed22438126a48f1a6cd84bf90fddb6517973bcb0bac58c4231"
      },
      {
        "id": "",
        "name": "23ee251df3f9c46661b33061035e9f6291894ebe070497ff9365d6ef2966f7fe"
      },
      {
        "id": "",
        "name": "b2a6c8382ec37ef15637578c6695cb35138ceab42ce4629b025fa4f04015eaf2"
      }
    ],
    "malware": [
      {
        "id": "fffe4282-f703-4109-ae2e-80f30f2951a8",
        "name": "ShadowGuard",
        "slug": "shadowguard"
      },
      {
        "id": "bde9e2e7-7f8d-4a35-bc8e-4ddc9acb3287",
        "name": "Havoc - S1229",
        "slug": "havoc-s1229"
      },
      {
        "id": "c70c9980-18de-4208-93f5-0bd2dddeb40c",
        "name": "Sliver",
        "slug": "sliver"
      },
      {
        "id": "ab138766-9b64-4880-87fb-1942a709d778",
        "name": "Cobalt Strike - S0154",
        "slug": "cobalt-strike-s0154"
      },
      {
        "id": "legacy:malware:0bb2606f75a1ee20",
        "name": "Neo-reGeorg - S1189",
        "slug": "neo-regeorg-s1189"
      },
      {
        "id": "legacy:malware:f5ad0dfc2e127b74",
        "name": "VShell",
        "slug": "vshell"
      },
      {
        "id": "legacy:malware:486b4d9508f90a7a",
        "name": "Behinder",
        "slug": "behinder"
      },
      {
        "id": "legacy:malware:fb27193ab6e0bb48",
        "name": "Godzilla",
        "slug": "godzilla"
      },
      {
        "id": "legacy:malware:3a1d93bc561360cd",
        "name": "Diaoyu Loader",
        "slug": "diaoyu-loader"
      },
      {
        "id": "legacy:malware:117d4c40559c77fb",
        "name": "SparkRat",
        "slug": "sparkrat"
      }
    ],
    "intrusion_sets": [
      {
        "id": "1904842c-42d4-4325-9498-9b926c8d33ab",
        "name": "TGR-STA-1030",
        "slug": "tgr-sta-1030"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2019-11580"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Taiwan"
      },
      {
        "id": "",
        "name": "Czechia"
      },
      {
        "id": "",
        "name": "Brazil"
      },
      {
        "id": "",
        "name": "Uzbekistan"
      },
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "British Indian Ocean Territory"
      },
      {
        "id": "",
        "name": "Niger"
      },
      {
        "id": "",
        "name": "Panama"
      },
      {
        "id": "",
        "name": "Zambia"
      },
      {
        "id": "",
        "name": "Poland"
      },
      {
        "id": "",
        "name": "Nigeria"
      },
      {
        "id": "",
        "name": "Saudi Arabia"
      },
      {
        "id": "",
        "name": "Serbia"
      },
      {
        "id": "",
        "name": "Venezuela, Bolivarian Republic of"
      },
      {
        "id": "",
        "name": "Papua New Guinea"
      },
      {
        "id": "",
        "name": "Japan"
      },
      {
        "id": "",
        "name": "United Kingdom of Great Britain and Northern Ireland"
      },
      {
        "id": "",
        "name": "Namibia"
      },
      {
        "id": "",
        "name": "Mongolia"
      },
      {
        "id": "",
        "name": "Germany"
      },
      {
        "id": "",
        "name": "Afghanistan"
      },
      {
        "id": "",
        "name": "Malaysia"
      },
      {
        "id": "",
        "name": "Djibouti"
      },
      {
        "id": "",
        "name": "Singapore"
      },
      {
        "id": "",
        "name": "Bolivia, Plurinational State of"
      },
      {
        "id": "",
        "name": "Bangladesh"
      },
      {
        "id": "",
        "name": "Greece"
      },
      {
        "id": "",
        "name": "Sri Lanka"
      },
      {
        "id": "",
        "name": "Ethiopia"
      },
      {
        "id": "",
        "name": "Mexico"
      },
      {
        "id": "",
        "name": "Indonesia"
      },
      {
        "id": "",
        "name": "Italy"
      },
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Cyprus"
      },
      {
        "id": "",
        "name": "Portugal"
      },
      {
        "id": "",
        "name": "Thailand"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Transport"
      },
      {
        "id": "",
        "name": "Telecommunications"
      },
      {
        "id": "",
        "name": "Government and administrations"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "pr0fu5a.me"
      },
      {
        "id": "",
        "name": "msonline.help"
      },
      {
        "id": "",
        "name": "dog3rj.tech"
      },
      {
        "id": "",
        "name": "zamstats.me"
      },
      {
        "id": "",
        "name": "gouvn.me"
      },
      {
        "id": "",
        "name": "abwxjp5.me"
      },
      {
        "id": "",
        "name": "emezonhe.me"
      },
      {
        "id": "",
        "name": "brackusi0n.live"
      },
      {
        "id": "",
        "name": "servgate.me"
      },
      {
        "id": "",
        "name": "pickupweb.me"
      },
      {
        "id": "",
        "name": "q74vn.live"
      },
      {
        "id": "",
        "name": "888910.xyz"
      },
      {
        "id": "",
        "name": "zrheblirsy.me"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/6984fb96aab9cc504d06ea4e",
    "https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage"
  ]
}