Security researchers say they have identified another China-linked threat actor targeting Australian and South-East Asian organisations to spy upon them.
Supplied
Named Aoqin Dragon, security vendor SentinelLabs said the hacking group has been active at least 2013.
"The targeting of Aoqin Dragon closely aligns with the Chinese government’s political interests.
"We primarily observed Aoqin Dragon targeting government, education, and telecommunication organisations in Southeast Asia and Australia," SentinelLabs said.
SentinelLabs' analysis of the threat actor's methods shows Aoqin Dragon uses booby-trapped Word documents with political and pornographic themes to trick users to install either the Mongall or Heyoka open source backdoors on their computers.
The threat actors have also used fake anti-virus programs to run malware, and forged removable devices to install malicious code on victims' systems.
Aoqin Dragon has also used domain name system (DNS) tunnelling to avoid detection after compromising systems, the Themida packer malware, and dynamic link library (DLL) hijacking.
The threat actor is expected to continue the espionage operations, and find methods to evade detaction and to establish longer persistence in victim networks.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
