Unit 42 identified a coordinated cyberespionage campaign targeting a Southeast Asian government entity, involving three distinct China-aligned threat clusters. The attackers utilized a variety of tools including USB worms, custom loaders, and multiple remote access Trojans (PUBLOAD, Masol, Gorem, FluffyGh0st) to establish persistent access, evade detection via DLL sideloading, and exfiltrate sensitive data.