Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree
2022-06-10 04:58

Threat researcher Joey Chen of Sentinel Labs says he's spotted a decade's worth of cyber attacks he's happy to attribute to a single Chinese gang.

Chen has named the group Aoqin Dragon and says that its goal is espionage and that it prefers targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam.

The gang is fond of attacks that start by inducing users to open poisoned Word documents that install a backdoor - often a threat named Mongall or a modified version of the open source Heyoka project.

Once the gang compromises a machine, it seeks wider network access so the gang can find juicy info.

Chen wrote that he's seen Aoqin Dragon target "Government, education, and telecommunication organizations."

"The targeting of Aoqin Dragon closely aligns with the Chinese government's political interests," he wrote, adding "Considering this long-term effort and continuous targeted attacks for the past few years, we assess the threat actor's motives are espionage-oriented."


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/10/aoqin_dragon_china_apt/