China-Linked Espionage Threatening Asia-Pacific Critical Communications

Advisory • High Priority

Persistent loaders (PlugX, Bookworm, Turian) are enabling long-term access to subscriber and core network data across the region.

China-linked threat actors are intensifying espionage campaigns across Asia, with telecommunications providers and government networks as prime targets. These operations leverage modernised versions of the PlugX, Bookworm, and Turian loaders, all of which share stealthy DLL sideloading and advanced in-memory decryption pipelines. By compromising telecoms and their service providers, adversaries gain access to subscriber data, network management systems, and interconnection gateways, delivering both intelligence and operational leverage.

The tradecraft—spear-phishing, stealth persistence, and credential harvesting—enables long-term footholds that are difficult to detect or eradicate. For enterprises, this represents a sustained risk of data exfiltration, service disruption, and systemic exposure across critical infrastructure. What makes this campaign particularly dangerous is the convergence of multiple malware families into a shared ecosystem of loaders and toolkits, enabling adversaries to scale operations with minimal innovation. This ecosystem approach ensures persistence across borders, sectors, and technologies—posing not just a cybersecurity risk, but a direct challenge to regional resilience and national sovereignty.
