Since at least March 2023, a suspected Chinese threat actor has been targeting government, defense, telecommunications, education, and aviation sectors in Southeast Asia and South America. The attackers employ a sophisticated backdoor known as Squidoor, which affects both Windows and Linux systems. Squidoor is modular and designed for stealth, utilizing multiple communication protocols—including Outlook API, DNS tunneling, and ICMP tunneling—to establish covert channels with command and control servers. Initial access is typically achieved by exploiting vulnerabilities in Internet Information Services (IIS) servers, followed by the deployment of obfuscated web shells for persistent access.