This hacking group quietly spied on their targets for 10 years


Researchers have discovered a stealthy espionage campaign by a hacking group, most likely backed by China, that has targeted government, education and telecommunications organizations since 2013.

The attackers used a range of techniques to infect targets with malware, such as malicious Word documents, fake removable devices that led users into malicious folders, and fake antivirus vendor icons that launched executable files.

The group relied on users’ familiarity with the Windows folder icons and the File Explorer interface to dupe victims into running malicious executables. Dubbed Aoqin Dragon by researchers at SentinelLabs, the group’s prime targets were organizations in the Asia Pacific (APAC) region, including Australia, Cambodia, Hong Kong, Singapore, and Vietnam.
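The folder-icon lure works because File Explorer hides known file extensions by default, so an executable named "Documents.exe" that carries a folder icon is displayed as "Documents" next to (or instead of) the real folder. The scanner below is an added example, not code from SentinelLabs, ZDNet or the group's tooling: it walks a directory tree (a constructed "USB stick" layout built by build_sample_tree) and flags two assumed lure patterns, an executable or shortcut whose name mirrors a sibling directory, and a double extension such as invoice.pdf.exe. The suffix list and both heuristics are assumptions for illustration; they will produce false positives (for example backup.2023.exe) and are a triage aid, not a detection signature.

```python
"""Heuristic scan for executables or shortcuts disguised as folders.

Added example (assumption-based, not from the ZDNet article or SentinelLabs):
  - rule 1: an .exe/.scr/.com/.pif/.lnk whose stem equals a sibling directory
            name (folder-icon lure dropped beside the real, often hidden, folder)
  - rule 2: a double extension that hides the real one once Explorer strips
            the known suffix (invoice.pdf.exe is shown as invoice.pdf)
"""
import os
import tempfile
from pathlib import Path

# Assumed set of lure file types; extend for your environment.
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".lnk"}


def find_disguised_executables(root):
    """Return sorted (relative_path, reason) tuples for files matching a rule."""
    root = Path(root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Directory names at this level, compared case-insensitively like NTFS.
        dirs_lower = {d.lower() for d in dirnames}
        for name in filenames:
            p = Path(dirpath) / name
            if p.suffix.lower() not in EXEC_SUFFIXES:
                continue
            stem = p.stem
            reason = None
            if stem.lower() in dirs_lower:
                reason = "sibling directory of same name"
            elif Path(stem).suffix:
                # Anything left after removing the executable suffix that still
                # looks like an extension is treated as a hidden double extension.
                reason = "double extension %s%s" % (Path(stem).suffix, p.suffix)
            if reason:
                rel = str(p.relative_to(root)).replace(os.sep, "/")
                hits.append((rel, reason))
    return sorted(hits)


def build_sample_tree():
    """Constructed sample tree (not real malware): returns the temp root path."""
    root = Path(tempfile.mkdtemp(prefix="lurescan_"))
    (root / "Documents").mkdir()
    (root / "Documents" / "report.docx").write_bytes(b"PK\x03\x04")  # benign
    (root / "Documents.exe").write_bytes(b"MZ")          # rule 1: folder-icon lure
    (root / "Photos").mkdir()
    (root / "Photos.lnk").write_bytes(b"L\x00\x00\x00")  # rule 1: shortcut lure
    (root / "invoice.pdf.exe").write_bytes(b"MZ")        # rule 2: double extension
    (root / "setup.exe").write_bytes(b"MZ")              # ordinary executable, no hit
    (root / "readme.txt").write_bytes(b"hello")          # not executable, ignored
    return str(root)


if __name__ == "__main__":
    for path, why in find_disguised_executables(build_sample_tree()):
        print(f"{path}: {why}")
```

Run the file to see the three flagged entries; point find_disguised_executables at the root of a mounted removable drive or a user's Downloads folder to triage real listings. The scanner only looks at names: it does not parse .lnk targets or inspect PE resources for a folder icon, which is the natural next check if you want fewer false positives.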


SentinelLabs researcher Joey Chen believes Aoqin Dragon is a small Chinese-speaking team that continues to operate today and has used two backdoors that it continues to improve with richer functionality and greater stealth. 

According to Chen, between 2012 and 2015 the group relied heavily on the Office flaws CVE-2012-0158 and CVE-2010-3333 to compromise its targets with a backdoor for remote access.

These were both critical remote code execution flaws that abused Office support of

Read More: https://www.zdnet.com/article/this-hacking-group-quietly-spied-on-their-targets-for-10-years/#ftag=RSSbaffb68