A suspected China-nexus threat actor (Unit 42 attribution, medium confidence) has maintained persistent access in Southeast Asian military networks for multiple years using custom backdoors, with TTPs spanning masquerading, process injection, valid account abuse, application-layer C2, data staging, and custom malware development (T1587.001); no CVEs are assigned as no specific vulnerabilities have been identified in available reporting. The campaign is assessed as active and ongoing, posing an espionage threat to defense and government organizations operating in the Indo-Pacific region. Organizations in this sector should audit privileged and service accounts for anomalous authentication, hunt for custom persistence mechanisms and process injection events in EDR telemetry, enhance logging of C2-consistent traffic patterns, and consider engaging national CERT or sector ISAC for threat intelligence sharing.