Researchers Uncover Chinese Hacking Group Spying Organizations

Researchers from SentinelLabs have uncovered the activities of a Chinese-speaking threat actor named Aoqin Dragon.

The group’s malicious activity, dating back to 2013, focused on cyber espionage and targeted government, education, and telecommunications organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia.

Since 2012, the gang has used three different infection methods: the first one concerns Microsoft Office documents that exploit known vulnerabilities such as CVE-2012-0158 and CVE-2010-3333.

The second method of infection involves malicious executable files with fake anti-virus icons that trick users into launching them and activating a malware dropper on their devices.

Aoqin Dragon began the third method of infection in 2018. This is a removable disk shortcut file that, when clicked, executes a DLL hijacking and loads an encrypted backdoor payload.

SentinelLabs also identified two different backdoors (Mongall and a modified version of Heyoka) used by the gang. Both backdoors are DLLs that are injected into the memory, decrypted and executed.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web