CL-UNK-1068 is a Chinese threat actor that has targeted critical infrastructure in Asia, primarily focusing on cyberespionage. They utilize cross-platform tools, including the Xnote Linux backdoor and the GodZilla web shell, to maintain a persistent presence and execute credential theft. Their TTPs involve DLL side-loading, the use of custom malware, and batch scripts to bypass security measures. The group has demonstrated a capability for data exfiltration from SQL servers and has employed tools like DumpIt and Volatility for memory analysis.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).