Researchers Uncover Chinese Hacking Group Spying Organizations

Share post:

Researchers from SentinelLabs have uncovered the activities of a Chinese-speaking threat actor named Aoqin Dragon.

The group’s malicious activity, dating back to 2013, focused on cyber espionage and targeted government, education, and telecommunications organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia.

Since 2012, the gang has used three different infection methods: the first one concerns Microsoft Office documents that exploit known vulnerabilities such as CVE-2012-0158 and CVE-2010-3333.

The second method of infection involves malicious executable files with fake anti-virus icons that trick users into launching them and activating a malware dropper on their devices.

Aoqin Dragon began the third method of infection in 2018. This is a removable disk shortcut file that, when clicked, executes a DLL hijacking and loads an encrypted backdoor payload.

SentinelLabs also identified two different backdoors (Mongall and a modified version of Heyoka) used by the gang. Both backdoors are DLLs that are injected into the memory, decrypted and executed.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hashtag Trending for World Password Day, Thursday, May 2nd, 2024

Security firm Okta warns of an unprecendented password stuffing attack that is piggybacking on regular user’s mobile and...

Google Chrome’s new post-quantum cryptography causes connection issues

The latest update to Google Chrome, version 124, which integrates a new quantum-resistant encryption mechanism, has led to...

UK legislation bans weak passwords

Starting Monday, the UK will enforce new laws banning the sale of devices with weak default passwords such...

Massive Credential Stuffing attack exploits home devices

Okta, a leading authentication service, is raising alarms over a massive credential-stuffing attack that cleverly disguises fraudulent login...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways