Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Southeast Asia Public Policy Institute

Southeast Asia Public Policy Institute Vendor Cyber Rating & Cyber Score

seapublicpolicy.org

The Southeast Asia Public Policy Institute is a research institute based in Singapore and Bangkok, working across Southeast Asia, one of the world’s most dynamic regions. Our mission is to support the development of solutions to the most pressing public policy challenges facing Southeast Asia in the 21st century. The Institute undertakes in-depth research to develop actionable policy solutions, aimed at policymakers looking to move the needle on key issues. We convene dialogues with stakeholders and decisionmakers to drive discussion on the challenges and opportunities facing markets across the region. The Institute is founded on the premise that direct connection and candid, informed dialogue is crucial for both policymakers and


SAPPI A.I CyberSecurity Scoring

SAPPI
Company Information
Website:https://www.seapublicpolicy.org
Employees number:4
Number of followers:1,708
NAICS:54172
Industry Type:Think Tanks
Homepage:seapublicpolicy.org
SAPPI Risk Score (AI oriented)
Between 700 and 749
logo
SAPPIThink Tanks
Updated:
02/04/2026
738/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
SAPPI Global Score (TPRM)
xxxx
logo
SAPPIThink Tanks
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

SAPPI
SAPPIModerate
Current Score
738Ba (MODERATE)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
739Before Incident
JUNE 2026
739Before Incident
MAY 2026
738Before Incident
APRIL 2026
738Before Incident
MARCH 2026
738Before Incident
FEBRUARY 2026
737Before Incident
JANUARY 2026
737Before Incident
DECEMBER 2025
737Before Incident
NOVEMBER 2025
736Before Incident
OCTOBER 2025
736Before Incident
SEPTEMBER 2025
735Before Incident
AUGUST 2025
735Before Incident
JANUARY 2025
748Before Incident
Cyber Attack
01 Jan 2025SAPPI
Government entities in Southeast Asia and Europe: HoneyMyte Hacker Group Expands CoolClient Malware With New Advanced Toolset

HoneyMyte APT Expands Cyber-Espionage Operations with Advanced Malware Upgrades in 2025

730After Incident
CRITICAL-18
SOU1770159284
HoneyMyte APT Expands Cyber-Espionage Operations with Advanced Malware Upgrades in 2025 The HoneyMyte APT group (also known as Mustang Panda or Bronze President) has intensified its cyber-espionage campaigns across Asia and Europe, with Southeast Asia as the primary target. Active in 2025, the group has significantly upgraded its malware arsenal, focusing on government entities with enhanced tools for data exfiltration and system reconnaissance. ### Evolved Malware Capabilities HoneyMyte’s toolkit includes the ToneShell kernel-mode rootkit, PlugX and Qreverse backdoors, CoolClient backdoor, and Tonedisk/SnakeDisk USB worms. The group has refined existing malware while introducing new post-exploitation tools, particularly the CoolClient backdoor, which has undergone major functional upgrades. #### CoolClient Backdoor Enhancements First identified in 2022, CoolClient has evolved with new features in its 2025 variant, including: - Clipboard monitoring – Captures user data (window titles, process IDs, timestamps) via `GetClipboardData` and `GetWindowTextW` APIs, encrypting logs with XOR (key `0xAC`) and storing them at `C:\ProgramData\AppxProvisioning.xml`. - HTTP proxy credential sniffing – Intercepts raw network traffic, extracting Proxy-Authorization headers and decoding Base64-encoded credentials for exfiltration. - DLL sideloading abuse – Leverages legitimate software (e.g., Sangfor applications, BitDefender, VLC Media Player) to execute malicious payloads. - Persistence mechanisms – Uses registry modifications and a scheduled task (`ComboxResetTask`) for long-term access. - Privilege escalation – Supports UAC bypass via a `passuac` mode. Core functionalities remain, including system reconnaissance, file manipulation, keylogging, TCP tunneling, and reverse proxy operations. #### Plugin Ecosystem & Browser Credential Theft CoolClient now supports three dedicated plugins: - FileMgrS.dll – Advanced file management. - RemoteShellS.dll – Remote command execution via hidden `cmd.exe` processes. - ServiceMgrS.dll – Windows service enumeration and manipulation. HoneyMyte also deployed three browser credential stealers targeting Chrome, Microsoft Edge, and Chromium-based browsers, extracting saved logins using Windows DPAPI to decrypt master keys. One variant (Variant C) dynamically accepts runtime arguments for flexible targeting across different browser installation paths. ### Supporting Tools & Data Exfiltration The group employs PowerShell and batch scripts for system enumeration and document theft: - 1.bat – Downloads compression tools, scans networks, collects system data, and exfiltrates via FTP. - Ttraazcs32.ps1 – Searches for recently modified documents across all drives. - t.ps1 – Targets browser credential files, compresses data, and uploads to Pixeldrain using hardcoded API tokens. ### Impact & Targeting HoneyMyte’s 2025 operations reflect increased sophistication, with a focus on government networks in Southeast Asia and Europe. The group’s expanded toolset particularly CoolClient’s new credential-stealing and clipboard-monitoring features poses a heightened risk for data breaches and persistent access. Defenders are advised to monitor for CoolClient variants, PlugX, ToneShell, and associated malware families in high-risk regions.
INCIDENT DETAILS -
TYPE
Cyber-Espionage
MOTIVATION
Cyber-Espionage
IMPACT
Data Compromised: Government and sensitive organizational data, browser credentials, clipboard data, system reconnaissance dataSystems Affected: Government networks, Windows-based systemsOperational Impact: Persistent access, data exfiltration, system reconnaissanceIdentity Theft Risk: High (due to credential theft and PII exposure)
DATA BREACH
Browser credentialsClipboard dataSystem reconnaissance dataDocument filesSensitivity Of Data: High (government and organizational data)Data Encryption: XOR (key 0xAC) for logs, Windows DPAPI for browser credentialsDocumentsBrowser credential files

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for SAPPI ?
?
What was SAPPI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was SAPPI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on SAPPI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with SAPPI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view SAPPI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?