Trend Micro disclosed a China-linked espionage campaign designated SHADOW-EARTH-053 targeting government and defense sectors across South, East, and Southeast Asia, plus one NATO member state. The threat actors also targeted journalists and activists in the region.

Researchers attribute the campaign to a China-aligned collective conducting long-term intelligence gathering. The campaign leverages custom malware and supply chain compromises to establish persistent access within high-value networks. Attack vectors include spear-phishing with weaponized documents and exploitation of known vulnerabilities in widely deployed software.

Defenders should prioritize detection of SHADOW-EARTH-053 indicators of compromise across email gateways and endpoint logs. Organizations in government, defense, and media sectors face elevated risk. Monitor for suspicious document execution and unusual outbound connections from systems handling sensitive data.

The campaign reflects persistent Chinese state-sponsored reconnaissance operations targeting geopolitical interests in the Indo-Pacific region. Attribution confidence remains high based on tooling, infrastructure, and targeting patterns consistent with known Chinese threat groups.

Organizations should implement network segmentation to limit lateral movement, enforce multi-factor authentication on critical accounts, and keep vulnerability patching schedules up to date. Threat intelligence sharing with sector peers improves collective detection capabilities.