Three different groups. One target. Overlapping campaign windows running for months. The same government being worked from three separate directions simultaneously, by teams using different tools, different techniques, and at least partly different infrastructure.
This is 2025 activity being disclosed now, not something that began yesterday.[1] But the disclosure matters because of what it documents: a level of sustained, multi-actor pressure against a single high-value target that most defenders aren’t structured to detect, let alone respond to.
A Palo Alto Networks Unit 42 investigation, corroborated independently by JPCERT, identified three distinct Chinese state-linked threat clusters operating against the same unnamed Southeast Asian government between March and September 2025.[2] Over ten malware families deployed across the campaign. And a USB-spreading worm that signals something important about what the attackers thought they were up against.
The three clusters
Mustang Panda is the one with the established reputation. Also tracked as Stately Taurus, it’s one of the more visible Chinese state-linked groups in public threat intelligence. Active in this campaign from June to August 2025. Deploying PUBLOAD and HIUPAN, among others.
CL-STA-1048 is less publicly named but overlaps with activity clusters tracked as Earth Estries and Crimson Palace. Active March through September 2025. Six months against a single target.
CL-STA-1049 overlaps with Unfading Sea Haze. Active in April and again in August.
The full malware list across all three: HIUPAN (also known as USBFect, MISTCLOAK, and U2DiskWatch), PUBLOAD, EggStremeFuel (RawCookie), EggStremeLoader (Gorem RAT), MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, FluffyGh0st.[2] Ten-plus families, multiple clusters, months of simultaneous operation.
The investigation’s conclusion is direct: “The convergence of these activity clusters, all of which show links to known China-aligned actors, points to a coordinated effort to achieve a common strategic goal.”[2]
Coordination or competition?
That conclusion raises the obvious question. Three groups, one target, overlapping windows. Is that coordination? Or three teams independently tasked to a high-priority target by the same sponsoring state, unaware of each other’s presence?
The honest answer is that the distinction matters less than it might seem from the outside, and more than it appears from the inside.
If it’s coordination: the target faces a deliberately orchestrated multi-vector intrusion, designed so that detecting one thread doesn’t reveal the others. The resilience is intentional.
If it’s independent tasking: the result is functionally the same. Three persistent presences, different tooling, different infrastructure, different detection signatures. Defenders who find cluster one have found cluster one. Clusters two and three keep running.
China’s intelligence and military cyber apparatus is not a monolith. Multiple units, with different organizational homes and different operational mandates, can be independently directed toward the same high-value target without coordinating at the operational level. They share strategic goals. They don’t necessarily share intelligence about their own operations.
The implication for defenders is uncomfortable: you can successfully detect, evict, and remediate one intrusion and still have two more active. Your incident response playbook is built around the assumption of a single threat actor per incident. That assumption breaks here.
This is also worth noting in context. Earlier this month we covered Chinese state cyber operations involving BPFDoor, scam compounds, and the Xinbi network. That was a different set of disclosures, different campaigns, different threat actors entirely. The common thread is volume and sustained operational tempo, not a single unified campaign. Keep them separate in your mental model.
The USB worm is the tell
Of everything in this disclosure, the presence of HIUPAN is the detail that says the most about the target.
HIUPAN is a USB-spreading worm. It copies itself to removable drives and spreads when those drives are inserted into other machines. It’s been used specifically to bridge air-gapped or network-segmented systems. Networks that have no direct internet connection. Systems that are deliberately isolated from external access.
You don’t bring a USB worm to a target with normal network connectivity. You bring it because you know, or strongly suspect, that the things you actually want to steal aren’t reachable through the network. They’re on isolated systems. Physically separated. Accessible only by someone physically present with a USB drive.
The use of HIUPAN tells you something about what the attackers believed they were after. Not just any government data. Data on systems the government specifically isolated because they considered it sensitive enough to warrant air-gap controls.
That’s a signal about the target’s own threat assessment. And the attackers built around it.
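The spreading pattern described above (an executable lands on removable media on one machine and later runs from removable media on another) is something endpoint telemetry can surface. The hunt below is an added example written for this post, not code from Unit 42 or JPCERT; the event format, host names and hashes are constructed, and no real HIUPAN artifacts are used.

```python
# Added example: hunt constructed endpoint telemetry for the USB-hopping pattern.
# A hash that is written to removable media and executed from removable media
# across two or more hosts is the signature of a worm riding USB drives between
# network segments. Event layout and all values here are assumptions for the demo.
from collections import defaultdict

# Constructed telemetry: (timestamp, host, event, on_removable_volume, path, sha256)
EVENTS = [
    ("2025-06-02T09:01", "WS-FIN-01", "file_create",    True,  "E:\\docs\\update.exe",      "aaa111"),
    ("2025-06-02T09:02", "WS-FIN-01", "file_create",    True,  "E:\\docs\\memo.docx",       "ddd444"),
    ("2025-06-02T09:03", "WS-FIN-01", "file_create",    False, "C:\\Users\\a\\report.docx", "bbb222"),
    ("2025-06-02T13:40", "WS-ISO-07", "process_create", True,  "F:\\docs\\update.exe",      "aaa111"),
    ("2025-06-03T08:15", "WS-ISO-07", "file_create",    True,  "G:\\docs\\update.exe",      "aaa111"),
    ("2025-06-03T10:22", "WS-ISO-09", "process_create", True,  "E:\\docs\\update.exe",      "aaa111"),
    ("2025-06-03T11:00", "WS-FIN-02", "process_create", False, "C:\\Windows\\notepad.exe",  "ccc333"),
]


def usb_hop_chains(events, min_hosts=2):
    """Return {sha256: [hosts in first-seen order]} for every hash that was both
    written to and executed from removable media, on at least `min_hosts` hosts.
    Files that only sit on a USB stick (memo.docx) or only run from fixed disks
    (notepad.exe) never qualify, which keeps ordinary USB use out of the result."""
    seen = defaultdict(lambda: {"hosts": [], "written": False, "executed": False})
    for _ts, host, kind, removable, _path, digest in sorted(events):
        if not removable:                      # fixed-disk activity is not a hop
            continue
        rec = seen[digest]
        if host not in rec["hosts"]:           # keep hosts in chronological order
            rec["hosts"].append(host)
        rec["written"] |= kind == "file_create"
        rec["executed"] |= kind == "process_create"
    return {d: r["hosts"] for d, r in seen.items()
            if r["written"] and r["executed"] and len(r["hosts"]) >= min_hosts}


if __name__ == "__main__":
    for digest, hosts in usb_hop_chains(EVENTS).items():
        # Each chain is a candidate bridge between segments; the hosts in the
        # middle are where a drive was carried, not where a packet was routed.
        print(f"{digest}: {' -> '.join(hosts)}")
```

The chain output is the scoping artifact: every host on it needs to be treated as part of the same intrusion even if no network path connects them.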
What this means for defenders
The takeaway isn’t primarily about China’s capabilities, though those are worth understanding. The operational lesson is about detection assumptions.
Finding one cluster is not finding the intrusion. It’s finding one thread of it.
Most incident response engagements work from a model where you identify the threat actor, map their tools and infrastructure, and use that map to scope the breach. That model assumes a single actor. When three distinct clusters are operating simultaneously with different malware, different C2 infrastructure, and different operational patterns, scoping by actor profile is incomplete by construction.
The JPCERT corroboration on cluster overlap is significant precisely because it came independently.[3] Two research teams, working separately, reached the same conclusion about the convergence. That’s not analysis drift. That’s a real pattern.
If you defend infrastructure that fits the profile of a high-priority espionage target, the relevant question after any intrusion isn’t just “did we evict the attacker?” It’s “did we find all of them?” Those are different investigations with different scopes, different hunting queries, and different success criteria.
The government that was targeted in 2025 had air-gap controls. They weren’t enough to prevent the operation, but they shaped it. The attackers adapted. They brought tools specifically designed to route around physical network separation.
Good security controls change the shape of an attack. They don’t always prevent it. And when the attacker is three separate teams with different tooling and months of persistence, the bar for “we’ve handled this” is significantly higher than it looks when the first incident is found.
This campaign ran for six months before anyone disclosed it publicly. That’s not a failure of detection in isolation. It’s a reminder that sustained state-level espionage against a hardened target is a long game, and defenders need to think accordingly.
[1] The Hacker News, summary for disclosure context: https://thehackernews.com/2026/03/three-china-linked-clusters-target.html
[2] Palo Alto Networks Unit 42, Espionage campaigns targeting Southeast Asian government organization: https://unit42.paloaltonetworks.com/espionage-campaigns-target-se-asian-government-org/
[3] JPCERT, JSAC2026 notes on overlapping clusters and USB malware behavior: https://blogs.jpcert.or.jp/en/2026/02/jsac2026day1.html