A suspected China-nexus threat actor tracked as CL-STA-1087 has been conducting a persistent espionage campaign against Southeast Asian military targets since 2020. The attackers utilize custom malware, including the AppleChris and MemFun backdoors, leveraging Dead Drop Resolvers (DDR) like Pastebin and Dropbox for C2 resolution alongside advanced evasion techniques like process hollowing and DLL hijacking.