Across 37 countries, the state-aligned attackers are reported to have infiltrated networks of 70 organizations, including three ministries of finance, other government ministries, five national law enforcement and border control agencies.
Among those compromised, per the report: Brazil’s Ministry of Mines and Energy, the Czech Republic’s parliament and military, an Indonesian government official, and a Taiwanese power equipment supplier.
US-based cybersecurity firm Palo Alto Networks’ Unit 42 threat intelligence team reports the hacking group — which they call ‘TGR-STA-1030’ — are suspected of being active in Bolivia, Brazil, Cyprus, the Czech Republic, the Democratic Republic of the Congo, Djibouti, Germany, Greece, Honduras, Indonesia, Italy, Malaysia, Mexico, Mongolia, Panama, Poland, Taiwan, Thailand, Venezuelan, Zambia, and others.
Playing the long game
Palo Alto Networks did not accuse any specific government, instead attributing the campaign to “a state-aligned group that operates out of Asia.”
Instead of breaking things, their goal appears to be to vacuum up as much information and intelligence as possible.
Palo Alto Networks warned that the group is still active. In November 2025, Unit 42 noted the attack group was scanning for weak points to break into Australia’s Treasury Department, Afghanistan’s Ministry of Finance, and Nepal’s Office of the Prime Minister, among others.
Sources:
Palo Alto Networks’ Unit 42: The Shadow Campaigns: Uncovering Global Espionage https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/
Jeffrey Burt, Security Boulevard: Threat Group Running Espionage Operations Against Dozens of Governments https://securityboulevard.com/2026/02/threat-group-running-espionage-operations-against-dozens-of-governments/
Ravie Lakshmanan, The Hacker News: Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html