Trend Micro attributed a new espionage campaign to SHADOW-EARTH-053, a China-aligned threat actor targeting government and defense sectors across South, East, and Southeast Asia plus one NATO member state. The campaign also targets journalists and activists, indicating broad intelligence collection objectives beyond traditional government networks.
Researchers have not yet disclosed specific CVEs or attack vectors exploited in the campaign. Defenders should monitor for SHADOW-EARTH-053 indicators of compromise and implement network segmentation around sensitive government and defense assets. Organizations in targeted regions face elevated risk and should assume compromise of externally exposed systems unless proven otherwise.
The scope of targets, spanning multiple countries and sectors, suggests sustained, resourced operations with state-level backing. The targeting of journalists and activists alongside government officials points to information gathering on political opposition and civil society. The inclusion of a NATO member state among the targets signals either espionage against alliance capabilities or collection on NATO member positions in regional disputes.
Trend Micro's temporary designation for this cluster indicates ongoing analysis. Organizations should track follow-up reporting for technical details on infection methods and command-and-control infrastructure. Regional government and defense agencies should conduct forensic reviews of recent network activity for signs of intrusion consistent with this group's known techniques.
