Pulse: CoolClient backdoor updated, new data stealing tools used
Source: AlienVault OTX, author WHITE MUSTANG PANDA
Created: 2026-01-27. Modified: 2026-02-26.
Indicators of compromise: 19
The HoneyMyte APT group has enhanced its toolset with an updated CoolClient backdoor and new data-stealing capabilities. The group targeted government entities in Asia and Europe, particularly in Southeast Asia. CoolClient now features clipboard monitoring, HTTP proxy credential sniffing, and plugin support for extended functionality. HoneyMyte also deployed browser login-data stealers and document-theft scripts. The campaign's focus has shifted towards active surveillance, including keylogging, clipboard data collection, and proxy credential harvesting. Organizations are advised to remain vigilant against HoneyMyte's evolving toolkit, which includes the CoolClient, PlugX, ToneShell, QReverse, and LuminousMoth malware families.
MITRE ATT&CK & Malware Families

ATT&CK techniques: none listed in this pulse.

Malware families:
- CoolClient
- ToneShell
- PlugX (MITRE S0013; aliases: Thoper, TVT, DestroyRAT, Sogu, Kaba, Korplug)
- LuminousMoth
- QReverse
Indicators of Compromise (1 / 19 total)
TYPE           | INDICATOR                                | DESCRIPTION | CREATED
FileHash-SHA1  | 78cee623d06696ee31b25aa4e1b07c5724b1f7b7 |             | 2026-01-27