CL-STA-0048 is a threat actor attributed to CN, also known as CL STA 0048. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does CL-STA-0048 exploit?

Specific CVE exploitation data for CL-STA-0048 is being tracked. Check the Strobes VI threat actor profile for updates.

CL-STA-0048

Also known as: CL STA 0048

Exploited CVEs

Overview

CL-STA-0048 is a Chinese state-backed APT that targets strategic sectors in South Asia, particularly government and telecommunications entities, with a focus on espionage. The group has been linked to SAP NetWeaver intrusions and employs techniques such as DNS beaconing using ping commands and exploiting unpatched vulnerabilities in services like IIS, Apache Tomcat, and MSSQL. Analysts have observed its use of reverse shell commands and command-and-control traffic directed to specific IP addresses. The actor adapts its methods to evade detection and maintain persistent access to high-value networks.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database