Skip to content
Auto-CTI
Back to all actors

CL-STA-1132

Nation-state Dormant
Mentions
2
First seen
06 May 2026
Last seen
07 May 2026

Relevant to you · Affects your stack

Technology:
Microsoft Remote Desktop GatewaySiemens TIA Portal
Threat focus:
espionage / apt
Sector / region:
Manufacturing

Origin

Unattributed

Profile

CL-STA-1132 is a threat actor exploiting zero-day vulnerabilities in Palo Alto Networks PAN-OS. Recent reporting indicates exploitation of a flaw in the Captive Portal and a critical buffer overflow in the User-ID Authentication Portal to achieve unauthenticated remote code execution. The group targets systems running PAN-OS, likely for espionage or network compromise. Activities include exploitation of CVE-2026-0300.

Affected vendors

Palo Alto Networks

Targeted sectors

Information Technology

How they operate (MITRE tactics)

Recommended mitigations

Derived from MITRE ATT&CK, mapped to this actor's techniques.

Linked CVEs

Related actors

Share a CVE, technique or malware with this actor.

Activity (8 weeks)

22
23
24
25
26
27
28
29

Recent activity

ESC