❌

Reading view

Autumn Dragon: China-nexus APT Group Targets South East Asia

In this report, we describe how we tracked for several months a sustained espionage campaign against the government, media, and news sectors in several countries including Laos, Cambodia, Singapore, the Philippines and Indonesia.


Since early 2025, China’s involvement in the Indo-Pacific has been more prolific, from escalating maritime tensions, to being peacebroker in Myanmar’s military junta and more recently, espionage activities on joint exercises the Philippines naval forces have been conducting together with the US, Australia, Canada and New Zealand.

The attacker, which we believe is a China-nexus threat actor, showcases a love of DLL sideloading techniques in order to compromise their targets of interest. Governments and media are high-value targets because they shape policy, public opinion, and international alignment.

The report details the full attack chain of one particular compromise we discovered, and goes further into detail on victimology, other campaigns and finally lists indicators of compromise.

Β Link to the report: https://cyberarmor.tech/blog/autumn-dragon-china-nexus-apt-group-targets-south-east-asiaΒ 

  •  

New North Korean based backdoor packs a punch

Β 

In recent months, North Korean based threat actors have been ramping up attack campaigns in order to achieve a myriad of their objectives, whether it be financial gain or with espionage purposes in mind. The North Korean cluster of attack groups is peculiar seeing there is quite some overlap with one another, and it is not always straightforward to attribute a specific campaign to a specific threat actor.

In this research paper we analyse a new threat campaign, discovered in late May, and which features multiple layers and ultimately delivers a seemingly new and previously undocumented backdoor.

The threat campaign is specifically focused on Aerospace and Defense companies: sectors appealing to multiple threat actors, but of particular interest to North Korean threat groups in other recent campaigns. We have named this threat campaign β€œNiki” as it refers to the potential malware developer(s).

Read the report here: https://cyberarmor.tech/new-north-korean-based-backdoor-packs-a-punch/

Direct link to report, PDF: https://cyberarmor.tech/wp-content/uploads/2024/06/New-North-Korean-based-backdoor-packs-a-punch.pdf

  •  
❌