Previously Undiscovered Team of State-Sponsored Chinese Hackers, Has Been Quietly Committing Cyber Espionage in the APAC Region for a Decade
A new advanced persistent threat (APT) group linked to China has been discovered by SentinelLabs, but only after conducting cyber espionage campaigns under the radar since 2013. The Chinese hackers have been given the name “Aoqin Dragon,” appear to specialize in targeting the Asia Pacific region and likes to lure victims with malicious documents that appear to be salacious ads for pornography sites.
Stealthy Chinese hackers focused on Australia and Southeast Asia
The cyber espionage group is thought to have been in action since at least 2013, with a heavy focus on certain APAC countries and regions: Australia, Cambodia, Hong Kong, Singapore, and Vietnam. The group also focuses in on government agencies, educational institutions and telecommunications firms, and appears to target individuals involved in political affairs.
The group’s favorite approach is a fairly simple one, and has remained consistent over the years: get the victim to open malicious documents, such as PDF and RTF files. Since 2018 the group has also been observed utilizing fake removable devices via bogus shortcut files delivered to victims using Windows computers; when targets attempt to open the fake device in Windows Explorer, the Evernote Tray Application is hijacked to load a malicious DLL that quietly creates a backdoor for the attackers. The group has also been observed using fake antivirus executables.
The Chinese hackers have shown some connections to another threat group, referred to as “UNC94” (or “Naikon”) by Mandiant, that has been tracked for some years now and has also shown links to the Chinese government in its operations. Both groups employ advanced tactics, such as DNS tunneling and the use of Themida-packed files to create a virtual machine that can evade most malware detection.
The link to the Chinese government is based primarily on the group’s use of Chinese language in its malware and the targets of its cyber espionage, which are almost always of clear political interest to the CCP. The group is also not noted for engaging in the for-profit activities or target selection that would be expected of a criminal outfit.
