"Chinese Cyberspy Group 'Aoqin Dragon' Targeting Southeast Asia, Australia Since 2013"

Security researchers at SentinelOne have analyzed the operations of a Chinese cyberespionage group that has been targeting education, government, and telecommunication organizations in Australia and Southeast Asia since at least 2013. The researchers dubbed the group Aoqin Dragon. Its initial-access lures have evolved over time: the group moved from malicious documents to a fake antivirus, and more recently to a fake removable drive (a shortcut file disguised as a removable drive) that tricks intended victims into installing malware on their systems. The researchers note that the group relies heavily on this USB shortcut technique to infect additional targets. Once a system is compromised, the group typically drops one of two backdoors, Mongall or a modified variant of Heyoka.

According to the researchers, Aoqin Dragon's ongoing activity has focused on spying on organizations in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Between 2012 and 2015, it mainly targeted victims with malicious documents exploiting CVE-2012-0158 and CVE-2010-3333, both long-patched Microsoft Office vulnerabilities (the MSCOMCTL ActiveX control flaw and the RTF parsing stack buffer overflow, respectively), so the documents only succeed against hosts that are missing years-old updates. The researchers state that the group's targeting closely aligns with the Chinese government's political interests. Given this long-term effort and the continuous targeted attacks of the past few years, the researchers assess that the threat actor's motives are espionage-oriented.


SecurityWeek reports: "Chinese Cyberspy Group 'Aoqin Dragon' Targeting Southeast Asia, Australia Since 2013"
