A new superior persistent threat (APT) actor dubbed Aoqin Dragon and reportedly primarily based in China, has been joined to quite a few hacking attacks in opposition to govt, instruction and telecom entities mainly in Southeast Asia and Australia because 2013.
The news will come from risk researchers Sentinel Labs, who published a blog post on Thursday describing the 10 years-very long gatherings.
“We assess that the threat actor’s primary target is espionage and relates to targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam,” wrote Joey Chen, threat intelligence researcher at SentinelOne.
According to Sentinel Labs, Aoqin Dragon intensely relies on applying doc lures to infect users.
“There are three exciting details that we discovered from these decoy documents,” Chen wrote.
“First, most decoy content is themed all-around targets who are intrigued in APAC political affairs. Second, the actors made use of lure files themed to pornographic topics to entice the targets. 3rd, in lots of circumstances, the documents are not particular to just one state but instead the entirety of Southeast Asia.”
From a specialized standpoint, the malware works by using a doc exploit, tricking the consumer into opening a weaponized Phrase doc to put in a backdoor. Alternatively, customers are lured into double-clicking a phony antivirus program that executes malware in the victim’s host.
The malware also regularly employs USB shortcut strategies to set up alone on to exterior products and infect added targets. After in the process, the malware has been observed to function as a result of two primary backdoors.
“Attacks attributable to Aoqin Dragon usually drop just one of two backdoors, Mongall and a modified variation of the open resource Heyoka project,” Chen defined.
In conditions of attribution, Sentinel Labs mentioned they arrived across many artifacts linking the activity to a Chinese-talking APT group, together with overlapping infrastructure with a hacking attack targeting Myanmar’s presidential site in 2014.
“The targeting of Aoqin Dragon intently aligns with the Chinese government’s political pursuits,” Chen explained.
“Considering this very long-expression energy and continual specific attacks for the past several a long time, we evaluate the threat actor’s motives are espionage-oriented.”
The Sentinel Labs advisory concludes by warning the global cybersecurity about Aoqin Dragon more.
“We have noticed the Aoqin Dragon group evolve TTPs various moments in get to keep beneath the radar. We entirely assume that Aoqin Dragon will continue on conducting espionage functions. In addition, we assess it is probable they will also continue to advance their tradecraft, getting new techniques of evading detection and remain extended in their target network.”
Some components of this write-up are sourced from: