PETALING JAYA: The National Cyber Security Agency (Nacsa) is currently investigating alleged incidents of cyber-espionage activity targeting various Malaysian government entities.
In a statement to StarLifestyle, a Nacsa spokesperson said the agency is aware of a report published by Unit 42, the threat research unit of US-based cybersecurity firm Palo Alto Networks.
The Nacsa spokesperson said the agency received the relevant intelligence related to the alleged activity from Palo Alto Networks' Unit 42 prior to the report's publication, and moved to address the alleged attacks in accordance with its established national cybersecurity incident handling process.
"Since September 2025, Nacsa has been monitoring the situation and has taken the necessary precautionary and investigative measures in coordination with the relevant entities.
"Ongoing assessments are being conducted using both internal intelligence and technical analysis to validate and contextualise the findings outlined in the Palo Alto Networks report.
"Nacsa remains engaged with the appropriate stakeholders to ensure that any identified risks are managed and that the affected entities' network environments continue to be safeguarded.
"Nacsa will continue to monitor the developments closely and take further action where necessary," the agency's spokesperson said, adding that while no adverse impact was found, the agency would continue investigations into the matter.
The Unit 42 report alleged that a cyber-espionage group designated as TGR-STA-1030 had compromised several government departments and ministries in an attempt to steal immigration and economic intelligence data.
It further claimed that the group also compromised "a large private financial entity in Malaysia that provides microloans in support of low-income households and small businesses".
Unit 42 said it assesses with high confidence that the TGR-STA-1030 group is state-aligned and operates out of Asia, while alleging that it conducted "active reconnaissance" against government infrastructure in 155 countries between November and December 2025.
Alongside Malaysia, the cybersecurity research group believes the activity also targeted government infrastructure in Afghanistan, Bangladesh, India, Indonesia, Japan, Mongolia, Papua New Guinea, Saudi Arabia, Sri Lanka, South Korea, Taiwan, Thailand, Uzbekistan and Vietnam.
