CL-UNK-1068 is a Chinese threat actor that has targeted critical infrastructure in Asia, primarily focusing on cyberespionage. They utilize cross-platform tools, including the Xnote Linux backdoor and the GodZilla web shell, to maintain a persistent presence and execute credential theft. Their TTPs involve DLL side-loading, the use of custom malware, and batch scripts to bypass security measures. The group has demonstrated a capability for data exfiltration from SQL servers and has employed tools like DumpIt and Volatility for memory analysis.
There are currently no families associated with this actor.
| 2026-03-06 ⋅ Palo Alto Networks Unit 42 ⋅ An Investigation Into Years of Undetected Operations Targeting High-Value Sectors ⋅ Godzilla Webshell, CL-UNK-1068 |