A new advanced persistent threat (APT) actor dubbed Aoqin Dragon, reportedly based in China, has been linked to several hacking attacks against government, education and telecom entities, mainly in Southeast Asia and Australia, since 2013.
The news comes from threat researchers Sentinel Labs, who published a blog post on Thursday describing the decade-long campaign.
“We assess that the threat actor’s primary focus is espionage and relates to targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam,” wrote Joey Chen, threat intelligence researcher at SentinelOne.
According to Sentinel Labs, Aoqin Dragon relies heavily on document lures to infect users.
“There are three interesting points that we discovered from these decoy documents,” Chen wrote. “First, most decoy content is themed around targets who are interested in APAC political affairs. Second, the actors made use of lure documents themed to pornographic topics to entice the targets. Third, in many cases, the documents are not specific to one country but rather the entirety of Southeast Asia.”
From a technical standpoint, the malware uses a document exploit, tricking the user into opening a weaponized Word document to install a backdoor. Alternatively, users are lured into double-clicking a fake antivirus program that executes malware on the victim’s host. The malware also regularly uses USB shortcut techniques to install itself onto external devices and infect additional targets.
Once in the system, the malware has been observed to operate through two main backdoors. “Attacks attributable to Aoqin Dragon typically drop one of two backdoors, Mongall and a modified version of the open source Heyoka project,” Chen explained.
In terms of attribution, Sentinel Labs said they came across several artifacts linking the activity to a Chinese-speaking APT group, including infrastructure overlapping with a hacking attack targeting Myanmar’s presidential website in 2014. “The targeting of Aoqin Dragon closely aligns with the Chinese government’s political interests,” Chen said.
The Sentinel Labs advisory concludes by further warning the global cybersecurity community about Aoqin Dragon. “We have observed the Aoqin Dragon group evolve TTPs several times in order to stay under the radar.
“Considering this long-term effort and continuous targeted attacks for the past few years, we assess the threat actor’s motives are espionage-oriented.”