APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Briefly

"Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments. To maintain persistence, the group hijacks legitimate Windows services, which allows the malware processes to blend into normal system activity."
"Silver Dragon is assessed to be operating within the APT41 umbrella. APT41 is the cryptonym assigned to a prolific Chinese hacking group known for its targeting of healthcare, telecoms, high-tech, education, travel services, and media sectors for cyber espionage as early as 2012."
"The first two infection chains, AppDomain hijacking and Service DLL, show clear operational overlap. They are both delivered via compressed archives, suggesting their use in post-exploitation scenarios. In several cases, these chains were deployed following the compromise of publicly exposed vulnerable servers."
Silver Dragon is an advanced persistent threat group operating under the APT41 umbrella, a Chinese hacking collective active since 2012. The group primarily targets government entities in Europe and Southeast Asia through multiple attack vectors including exploitation of public-facing internet servers and phishing emails with malicious attachments. Silver Dragon maintains persistence by hijacking legitimate Windows services to evade detection. The group employs Cobalt Strike beacons for command-and-control communications and uses DNS tunneling to bypass security measures. Three distinct infection chains have been identified: AppDomain hijacking, service DLL, and email-based phishing, with the first two delivered via compressed archives in post-exploitation scenarios.
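The summary above notes that the group's beacons fall back on DNS tunneling to slip past network controls. The block below is an added defender-side illustration, not code from the article or from The Hacker News: a small triage script that scans DNS query logs for the shape tunneling traffic tends to have (bursts of queries from one client whose leftmost labels are long and high-entropy, all under one parent domain). The log format (timestamp, client IP, queried name, record type), the thresholds, and the "registrable domain is the last two labels" shortcut are all assumptions chosen for the example; the sample log lines are constructed.

```python
"""Heuristic DNS-tunnelling triage over constructed DNS query logs.

Added example, not code from the original article. The log format
(timestamp, client IP, queried name, record type) and the thresholds are
assumptions chosen for illustration.
"""
import math
from collections import defaultdict

# Constructed sample log: two benign clients plus one client issuing a burst of
# queries whose leftmost labels look like encoded data under one parent domain.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 www.example.com A
2024-05-01T10:00:02Z 10.0.0.12 mail.example.com MX
2024-05-01T10:00:03Z 10.0.0.12 d1a2b3c4.cdn.example.com A
2024-05-01T10:00:04Z 10.0.0.25 a9f3c1e7b2d4e5f6.9c3e5d1b7a2f0e1d.cdn-status.example.net TXT
2024-05-01T10:00:05Z 10.0.0.25 4d8e2b7c1a0f9e3b.9c3e5d1b7a2f0e1d.cdn-status.example.net TXT
2024-05-01T10:00:06Z 10.0.0.25 0c7a5e9d3b1f8e2a.9c3e5d1b7a2f0e1d.cdn-status.example.net TXT
2024-05-01T10:00:07Z 10.0.0.25 6b2f0d9c4e8a1c3d.9c3e5d1b7a2f0e1d.cdn-status.example.net TXT
2024-05-01T10:00:08Z 10.0.0.40 api.example.org A
malformed line that should be skipped
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; hex/base32 payloads score well above plain words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain_labels, registrable_domain).

    Assumption: the registrable domain is the last two labels. A real deployment
    would consult the Public Suffix List so that e.g. co.uk is handled correctly.
    """
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) <= 2:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def is_suspicious_qname(qname: str, max_sub_len: int = 50,
                        min_label_len: int = 12, entropy_threshold: float = 3.5) -> bool:
    """Flag names whose subdomain part is unusually long or carries a long, high-entropy label."""
    sub_labels, _ = split_name(qname)
    if not sub_labels:
        return False
    if len(".".join(sub_labels)) > max_sub_len:
        return True
    return any(len(label) >= min_label_len and shannon_entropy(label) >= entropy_threshold
               for label in sub_labels)


def parse_line(line: str):
    """Parse one constructed log line into (client, qname, qtype); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _timestamp, client, qname, qtype = parts
    return client, qname, qtype


def analyze(log_text: str, min_suspicious: int = 3, min_unique: int = 3):
    """Aggregate per (client, registrable domain); alert on tunnelling-like bursts.

    Requiring several distinct suspicious subdomains per client/domain pair keeps a
    single odd-looking CDN hostname from raising an alert on its own.
    """
    stats = defaultdict(lambda: {"queries": 0, "suspicious": 0, "subdomains": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed records rather than aborting the scan
        client, qname, _qtype = parsed
        sub_labels, domain = split_name(qname)
        entry = stats[(client, domain)]
        entry["queries"] += 1
        if is_suspicious_qname(qname):
            entry["suspicious"] += 1
            entry["subdomains"].add(".".join(sub_labels))
    alerts = []
    for (client, domain), entry in stats.items():
        if entry["suspicious"] >= min_suspicious and len(entry["subdomains"]) >= min_unique:
            alerts.append({"client": client, "domain": domain,
                           "queries": entry["queries"], "suspicious": entry["suspicious"],
                           "unique_subdomains": len(entry["subdomains"])})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, only the 10.0.0.25 burst to example.net is reported; the short CDN-style label under example.com stays below the length threshold, and the malformed line is skipped. In practice the thresholds need tuning per environment, and the per-domain aggregation is what separates a tunnel from a handful of legitimately long hostnames.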
Read at The Hacker News