Southeast Asia and Australia Orgs Targeted by Aoqin Dragon Hackers for Ten Years

June 10, 2022

A new advanced persistent threat (APT) actor dubbed Aoqin Dragon, reportedly based in China, has been linked to numerous hacking attacks against government, education and telecom entities, mainly in Southeast Asia and Australia, since 2013.

The news comes from threat researchers at SentinelLabs, who published a blog post on Thursday describing the decade-long campaign.

“We assess that the threat actor’s primary focus is espionage and relates to targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam,” wrote Joey Chen, threat intelligence researcher at SentinelOne.


According to SentinelLabs, Aoqin Dragon relies heavily on document lures to infect users.

“There are three interesting points that we discovered from these decoy documents,” Chen wrote.

“First, most decoy content is themed around targets who are interested in APAC political affairs. Second, the actors made use of lure documents themed to pornographic topics to entice the targets. Third, in many cases, the documents are not specific to one country but rather the entirety of Southeast Asia.”

From a technical standpoint, the malware uses a document exploit, tricking the user into opening a weaponized Word document to install a backdoor. Alternatively, users are lured into double-clicking a fake antivirus program that executes malware on the victim’s host.

The malware also regularly employs USB shortcut techniques to install itself onto removable devices and infect additional targets. Once on a system, the malware has been observed to operate through two primary backdoors.
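The USB shortcut trick mentioned above is a long-standing propagation pattern: a .lnk file on the removable drive, usually named and iconed to look like the drive or a folder, launches a hidden loader and then opens the real folder so the victim notices nothing. The script below is an added example, not code from the article or from SentinelLabs' report, and it does not reproduce Aoqin Dragon's actual shortcut contents, which the article does not describe. It parses the fixed header and StringData fields of the Windows Shell Link format (MS-SHLLINK) and applies a few generic heuristics to flag shortcuts of that shape on a mounted drive. The sample .lnk bytes are constructed in the script with build_lnk(); the heuristic list, the LOLBin set and the sample paths are assumptions chosen for illustration.

```python
"""Triage Windows shortcut (.lnk) files on removable media for USB-worm style lures.

Added example, not from the article or SentinelLabs. Only the Shell Link header
and StringData fields are parsed; LinkTargetIDList and LinkInfo are skipped by size.
"""
import os
import re
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 1 << 0, 1 << 1, 1 << 7
# StringData fields in the order MS-SHLLINK stores them, with their LinkFlags bits.
STRING_FLAGS = [("name", 1 << 2), ("relative_path", 1 << 3), ("working_dir", 1 << 4),
                ("arguments", 1 << 5), ("icon_location", 1 << 6)]
# Assumption: interpreters commonly used by shortcut lures to launch a second stage.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
           "rundll32.exe", "regsvr32.exe"}
EXEC_EXT = re.compile(r"\.(exe|dll|scr|vbs|js|bat|cmd|hta|ps1)\b", re.I)


def build_lnk(relative_path, arguments="", icon_location=""):
    """Construct a minimal Unicode .lnk carrying only StringData (used for sample input)."""
    fields = {"relative_path": relative_path, "arguments": arguments, "icon_location": icon_location}
    flags, body = IS_UNICODE, b""
    for name, bit in STRING_FLAGS:
        value = fields.get(name, "")
        if value:
            flags |= bit
            enc = value.encode("utf-16-le")
            body += struct.pack("<H", len(enc) // 2) + enc       # CountCharacters, then chars
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize, IconIndex,
    # ShowCommand (SW_SHOWNORMAL), HotKey, Reserved1-3.
    header = struct.pack("<I16sIIQQQIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    return header + body


def parse_lnk(data):
    """Parse header flags/attributes and the StringData strings of a Shell Link file."""
    if (len(data) < LNK_HEADER_SIZE or data[:4] != struct.pack("<I", LNK_HEADER_SIZE)
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    info = {"flags": flags, "file_attributes": struct.unpack_from("<I", data, 24)[0]}
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:              # IDListSize excludes its own 2 bytes
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                        # LinkInfoSize includes its own 4 bytes
        off += struct.unpack_from("<I", data, off)[0]
    for name, bit in STRING_FLAGS:
        info[name] = ""
        if flags & bit:
            count = struct.unpack_from("<H", data, off)[0]
            off += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[off:off + width * count]
            info[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            off += width * count
    return info


def triage_lnk(data):
    """Return the reasons a shortcut looks like a removable-media lure (empty list = clean)."""
    info = parse_lnk(data)
    target = info["relative_path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args, icon = info["arguments"], info["icon_location"].lower()
    reasons = []
    if target in LOLBINS and args.strip():
        reasons.append("lolbin-launcher")            # cmd.exe /c ..., wscript.exe ... etc.
    if EXEC_EXT.search(args):
        reasons.append("executable-in-args")         # second stage named in the arguments
    if re.search(r"\bstart\b.*\bexplorer(\.exe)?\b", args, re.I):
        reasons.append("reopens-explorer")           # hides the detour by opening the real folder
    if ("shell32.dll" in icon or "explorer.exe" in icon) and target.endswith(".exe"):
        reasons.append("system-icon-on-exe")         # folder/drive icon borrowed for a program
    return reasons


def scan_drive(root):
    """Walk a mounted drive and map every suspicious .lnk path to its reasons."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(".lnk"):
                path = os.path.join(dirpath, f)
                try:
                    with open(path, "rb") as fh:
                        reasons = triage_lnk(fh.read())
                except (OSError, ValueError):
                    continue
                if reasons:
                    hits[path] = reasons
    return hits


# Constructed samples (assumed paths, not observed indicators).
LURE = build_lnk(r"..\..\Windows\System32\cmd.exe",
                 r'/c start "" "%cd%\_\loader.exe" & start explorer "%cd%"',
                 r"%SystemRoot%\System32\shell32.dll")
BENIGN = build_lnk(r"..\Program Files\Notepad++\notepad++.exe", "",
                   r"..\Program Files\Notepad++\notepad++.exe")

if __name__ == "__main__":
    import sys
    print("lure  :", triage_lnk(LURE))
    print("benign:", triage_lnk(BENIGN))
    if len(sys.argv) > 1:                            # e.g. python triage_lnk.py E:\
        for path, why in scan_drive(sys.argv[1]).items():
            print(path, why)
```

The heuristics are deliberately coarse and will miss shortcuts that resolve their target only through the LinkTargetIDList (which this parser skips); they are meant as a first pass over a drive pulled from a suspected host, to be followed by pulling and hashing whatever the flagged shortcuts point at.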

“Attacks attributable to Aoqin Dragon typically drop one of two backdoors, Mongall and a modified version of the open source Heyoka project,” Chen explained.

In terms of attribution, SentinelLabs said it came across several artifacts linking the activity to a Chinese-speaking APT group, including infrastructure overlapping with a 2014 attack on Myanmar’s presidential website.

“The targeting of Aoqin Dragon closely aligns with the Chinese government’s political interests,” Chen explained.

“Considering this long-term effort and continuous targeted attacks for the past few years, we assess the threat actor’s motives are espionage-oriented.”

The SentinelLabs advisory concludes by warning the global cybersecurity community to keep watching Aoqin Dragon.

“We have observed the Aoqin Dragon group evolve TTPs several times in order to stay under the radar. We fully expect that Aoqin Dragon will continue conducting espionage operations. In addition, we assess it is likely they will also continue to advance their tradecraft, finding new methods of evading detection and staying longer in their target network.”


Some parts of this article are sourced from:
www.infosecurity-magazine.com



Copyright © TheCyberSecurity.News, All Rights Reserved.