An Investigation Into Years of Undetected Operations Targeting High-Value Sectors
TLP: WHITE | Adversary: CL-UNK-1068 | Author: AlienVault | Created: 2026-03-06 | Modified: 2026-04-05
44 IOCs (medium volume)
Since 2020, a Chinese threat actor tracked as CL-UNK-1068 has targeted high-value organizations across South, Southeast and East Asia, focusing on critical sectors such as aviation, energy, government, and telecommunications. The group uses a diverse toolkit of custom malware, modified open-source utilities, and living-off-the-land binaries to maintain stealthy persistence. Its techniques include web shell deployment, DLL side-loading, and credential theft. The attackers exfiltrate sensitive data, including configuration files and database backups. The activity is assessed primarily as espionage, although a cybercriminal motivation cannot be fully ruled out. It also demonstrates cross-platform capability, targeting both Windows and Linux environments.
MITRE ATT&CK & Malware Families
Malware families: GodZilla, AntSword, Xnote, Fast Reverse Proxy, ScanPortPlus, SuperDump, Sliver
Indicators of Compromise (6 / 44 total)