A threat actor in operation for nearly a decade has targeted government, telecommunication, and education organizations in Australia and Southeast Asia, according to a new report from SentinelOne — in some cases using exploits hidden in pornographic documents.
The cybersecurity firm calls the threat “Aoqin Dragon,” and says it has moderate confidence the actor is a small Chinese-language group engaged in cyber-espionage.
“The targeting of Aoqin Dragon closely aligns with the Chinese government’s political interests,” according to the report. Elements of the infrastructure observed by SentinelLabs, the firm’s research arm, also appear to have overlap with similar actors, per the report.
“Government related sectors are their primary target for sure,” report author Joey Chen told The Record.
The group’s tactics included phishing with documents that could exploit a target’s machine. In some cases, the lures were pornographic or sexually explicit; in others, they were materials tailored to topics of policy interest in the region.
Researchers are still actively gathering data on various lures used by the group, according to Chen.
The threat actor also spread across networks by disguising malicious executables with fake icons that users could be socially engineered into clicking, according to the report.
The group regularly appears to change techniques to evade detection, SentinelLabs said, but has in the past relied on a technique known as DLL hijacking to insert malware on machines.
Researchers believe the group remains active, according to Chen.
“We fully expect that Aoqin Dragon will continue conducting espionage operations,” the report noted. “In addition, we assess it is likely they will also continue to advance their tradecraft, finding new methods of evading detection and stay longer in their target network.”
The post Report: Chinese-linked threat used porn to lure victims in Asia and Australia appeared first on The Record by Recorded Future.