
A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia
2022-06-09 09:31

A previously undocumented Chinese-speaking advanced persistent threat actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013.

Initial access relied on exploiting old, long-patched security vulnerabilities, with decoy documents enticing targets into opening the malicious files.

"Although executable files with fake file icons have been in use by a variety of actors, they remain an effective tool, especially for APT targets," Chen explained.

"Combined with 'interesting' email content and a catchy file name, users can be socially engineered into clicking on the file."
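The lure described above is a plain executable dressed up as a document. The scanner below is an added example (not code from the article or from the researchers it cites) of the check a mail-gateway or incident responder would run over an attachment folder: it flags files whose name hides an executable extension behind a document one, and files that carry a document extension but start with a PE header. It does not parse icon resources; the two name/magic indicators are used here as an assumed proxy for the fake-icon trick. The sample files, including the minimal PE stub, are constructed inside the script.

```python
"""Find executables masquerading as documents in a directory.

Added example; the sample files and the minimal PE stub are constructed
here for the demonstration and are not from any real campaign.
"""
import tempfile
from pathlib import Path

# Extensions a user expects to open in a viewer, not to run.
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".rtf", ".txt"}
# Extensions that Windows executes on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}


def looks_like_pe(path: Path) -> bool:
    """True if the file has an MZ stub whose e_lfanew points at a PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        e_lfanew = int.from_bytes(head[0x3C:0x40], "little")
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def classify(path: Path) -> list[str]:
    """Return the masquerade indicators found for one file (empty if none)."""
    suffixes = [s.lower() for s in path.suffixes]
    final = suffixes[-1] if suffixes else ""
    findings = []
    # "Invoice.docx.exe": a document extension placed before the real, executable one.
    if len(suffixes) >= 2 and final in EXECUTABLE_EXTS and suffixes[-2] in DOCUMENT_EXTS:
        findings.append("double-extension")
    # "Minutes.pdf" whose bytes are actually a PE image.
    if final in DOCUMENT_EXTS and looks_like_pe(path):
        findings.append("pe-with-document-extension")
    return findings


def scan(root: Path) -> dict[str, list[str]]:
    """Map each suspicious file name under root to its indicators."""
    results = {}
    for p in sorted(root.iterdir()):
        if p.is_file():
            findings = classify(p)
            if findings:
                results[p.name] = findings
    return results


def build_samples(root: Path) -> None:
    """Write constructed samples: one benign OOXML file and two lures."""
    def mz_stub() -> bytes:
        # 64-byte DOS header with e_lfanew = 0x40, followed by the PE signature.
        hdr = bytearray(b"MZ" + b"\0" * 0x3E)
        hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
        return bytes(hdr) + b"PE\0\0" + b"\0" * 20

    (root / "Agenda.docx").write_bytes(b"PK\x03\x04" + b"\0" * 64)  # real OOXML magic, benign
    (root / "Invoice.docx.exe").write_bytes(mz_stub())              # double-extension lure
    (root / "Minutes.pdf").write_bytes(mz_stub())                   # PE wearing a .pdf name


def demo() -> dict[str, list[str]]:
    """Build the samples in a temporary directory and scan them."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_samples(root)
        return scan(root)


if __name__ == "__main__":
    for name, why in demo().items():
        print(f"{name}: {', '.join(why)}")
```

The PE check reads the header rather than trusting the name, so a renamed binary is caught even when Explorer hides the extension; the double-extension rule catches the reverse case, where the name is honest but the last extension is what the user never sees. Both produce false positives on legitimately odd file names, so treat hits as triage candidates rather than verdicts.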

One component of the infection chain is a spreader that copies all of the malicious files to other removable devices; the second is an encrypted backdoor that injects itself into the memory of rundll32.exe, the native Windows process used to load and run DLL files.
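A backdoor that lives inside rundll32.exe leaves two traces a process-creation and thread-creation log can surface: a rundll32 instance started without any DLL to load, and a remote thread opened in rundll32 by a process that is not itself part of Windows. The detector below is an added example (not from the article or the underlying report) applying those two assumed heuristics to constructed Sysmon-style records; the event records, paths and the removable-drive parent process are made up for the demonstration.

```python
"""Flag rundll32.exe activity consistent with code injection.

Added example. The heuristics are assumptions, not indicators published
for this campaign, and the events below are constructed for the demo.
"""
from dataclasses import dataclass


@dataclass
class Event:
    event_id: int            # Sysmon numbering: 1 = ProcessCreate, 8 = CreateRemoteThread
    image: str               # process image (id 1) or source image (id 8)
    command_line: str = ""
    parent_image: str = ""
    target_image: str = ""   # only meaningful for id 8


# Constructed records: one benign Control Panel launch, one argument-less
# rundll32 spawned from a removable drive, one injection from that same
# binary, and one benign remote thread from a Windows component.
EVENTS = [
    Event(1, r"C:\Windows\System32\rundll32.exe",
          r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL',
          r"C:\Windows\explorer.exe"),
    Event(1, r"C:\Windows\System32\rundll32.exe",
          r'"C:\Windows\System32\rundll32.exe"',
          r"E:\Quarterly_Report.docx.exe"),
    Event(8, r"E:\Quarterly_Report.docx.exe",
          target_image=r"C:\Windows\System32\rundll32.exe"),
    Event(8, r"C:\Windows\System32\csrss.exe",
          target_image=r"C:\Windows\System32\rundll32.exe"),
]

TRUSTED_DIR = "c:\\windows\\"


def is_rundll32(image: str) -> bool:
    return image.lower().endswith("\\rundll32.exe")


def rundll32_without_dll(ev: Event) -> bool:
    """ProcessCreate of rundll32 whose command line names no DLL/entry point."""
    if ev.event_id != 1 or not is_rundll32(ev.image):
        return False
    args = ev.command_line.strip()
    # Drop the (possibly quoted) image path; what remains should be "<dll>,<entry> ...".
    if args.startswith('"'):
        args = args[args.find('"', 1) + 1:]
    else:
        args = args.partition(" ")[2]
    return args.strip() == ""


def remote_thread_into_rundll32(ev: Event) -> bool:
    """CreateRemoteThread targeting rundll32 from a source outside C:\\Windows."""
    return (ev.event_id == 8
            and is_rundll32(ev.target_image)
            and not ev.image.lower().startswith(TRUSTED_DIR))


def detect(events: list[Event]) -> list[tuple[str, str]]:
    """Return (rule, detail) pairs for every event that trips a heuristic."""
    hits = []
    for ev in events:
        if rundll32_without_dll(ev):
            hits.append(("rundll32-no-dll", f"parent={ev.parent_image}"))
        if remote_thread_into_rundll32(ev):
            hits.append(("remote-thread-into-rundll32", f"source={ev.image}"))
    return hits


if __name__ == "__main__":
    for rule, detail in detect(EVENTS):
        print(f"{rule}: {detail}")
```

Baseline both rules before alerting on them: some legitimate software does start rundll32 with an empty command line, and the source-path allowlist is deliberately coarse. The value of the pair is in correlation, an argument-less rundll32 whose parent also opened a thread in it is far stronger than either event alone.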

Known to have been in use since at least 2013, the Mongall backdoor is described as "not particularly feature rich," but it packs enough functionality to open a remote shell and to upload and download arbitrary files to and from the attacker-controlled server.


News URL

https://thehackernews.com/2022/06/a-decade-long-chinese-espionage.html