skip to Main Content

Cyber Espionage, Aoqin Dragon is under the radar since 2013

Aoqin Dragon: the pro-China APT under the radar since 2013. Sentinel Labs cybersecurity experts: The Group seeks initial access primarily via document lures with pornographic themes and makes heavy use of USB shortcut techniques to spread malware

Aoqin Dragon is a small pro-China APT that flew under the radar for a decade. It has been discovered by Sentinel Labs cybersecurity experts, who believe it is operating since 2013 targeting government, education, and telecommunication organizations in Southeast Asia and Australia. Aoqin Dragon seeks initial access primarily via document lures with pornographic themes to infect users and makes heavy use of USB shortcut techniques to spread the malware and infect additional targets. Attacks typically drop one of two malware: backdoors Mongall and a modified version of the open source Heyoka project. Other techniques the attacker has been observed using include DLL hijacking, Themida-packed files, and DNS tunneling to evade post-compromise detection. The targeting closely aligns with the Chinese government’s political interests. Researchers, considering this long-term effort and continuous targeted attacks for the past few years, assess the threat actor’s motives are cyber espionage-oriented.

Back To Top