According to new findings from Palo Alto Networks Unit 42, an as-yet-unknown cyber espionage group operating from Asia compromised the networks of at least 70 government and critical infrastructure organizations across 37 countries during the past year. Additionally, between November and December 2025, the hacking team was seen actively scouting government infrastructure linked to 155 different nations. The successfully compromised organizations include five national-level law enforcement/border control agencies, three finance ministries, other government ministries, and departments related to trade, economics, natural resources, and diplomacy.
The cybersecurity firm is monitoring the activity under the name TGR-STA-1030, where "STA" stands for state-backed motivation and "TGR" for temporary threat group.
The threat actor has been active since January 2024, according to the evidence. "The group leases additional VPS infrastructure that it uses to relay traffic through in order to connect to the C2 infrastructure." According to the cybersecurity vendor, the adversary was able to keep access to a number of the affected entities for months, demonstrating efforts to gather intelligence over a long period of time.
"TGR-STA-1030 continues to pose a serious threat to governments and vital infrastructure across the globe. For espionage purposes, the group mainly targets government ministries and departments," the report concluded.
"We determine that it gives priority to actions against nations that have formed or are considering forming specific economic alliances." "Even though this group may be working toward espionage goals, its tactics, targets, and scope of operations are concerning, with possible long-term repercussions for key services and national security."











