Australian organisations targeted by Aoqin Dragon hackers for a decade

Aoqin Dragon lure document.

Telcos, governments, and academia spied upon by Chinese threat actor.

Security researchers say they have identified another China-linked threat actor targeting Australian and South-East Asian organisations to spy upon them.

Security vendor SentinelLabs said the hacking group, which it has named Aoqin Dragon, has been active since at least 2013.

"The targeting of Aoqin Dragon closely aligns with the Chinese government’s political interests.

"We primarily observed Aoqin Dragon targeting government, education, and telecommunication organisations in Southeast Asia and Australia," SentinelLabs said.

SentinelLabs' analysis of the threat actor's methods shows Aoqin Dragon uses booby-trapped Word documents with political and pornographic themes to trick users into installing either the Mongall or Heyoka open source backdoors on their computers.

The threat actors have also used fake anti-virus programs to run malware, and forged removable devices to install malicious code on victims' systems.

Aoqin Dragon has also used domain name system (DNS) tunnelling to avoid detection after compromising systems, the Themida packer malware, and dynamic link library (DLL) hijacking.

The threat actor is expected to continue its espionage operations, and to find methods to evade detection and establish longer persistence in victim networks.
