Chinese hacking group Aoqin Dragon quietly spied orgs for a decade
Named Aoqin Dragon, the hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia.
Aoqin Dragon has employed three distinct infection chains since it was first spotted, according to SentinelLabs.
From 2018 until now, Aoqin Dragon has turned to using a removable disk shortcut file that, when clicked, performs DLL hijacking and loads an encrypted backdoor payload. The malware runs under the name "Evernote Tray Application" and executes upon system start.
"Based on our analysis of the targets, infrastructure and malware structure of Aoqin Dragon campaigns, we assess with moderate confidence the threat actor is a small Chinese-speaking team with potential association to the Naikon APT group, in addition to UNC94," SentinelLabs said.
Aoqin Dragon managed to stay in the shadows for a decade, with only parts of its operation surfacing in older reports by cybersecurity firms.
Considering that its activities align with Chinese government political interests, it's almost certain that Aoqin Dragon will continue its cyber-espionage operations, improving its detection avoidance and switching to new evasion tactics.