China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
Briefly

"A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023. "LongNosedGoblin uses Group Policy to deploy malware across the compromised network, and cloud services (e.g., Microsoft OneDrive and Google Drive) as command and control (C&C) servers," security researchers Anton Cherepanov and Peter Strýček said."
"The attacks are characterized by the use of a varied custom toolset that mainly consists of C#/.NET applications:
- NosyHistorian, to collect browser history from Google Chrome, Microsoft Edge, and Mozilla Firefox
- NosyDoor, a backdoor that uses Microsoft OneDrive as C&C and executes commands that allow it to exfiltrate files, delete files, and execute shell commands
- NosyStealer, to exfiltrate browser data from Google Chrome and Microsoft Edge to Google Drive in the form of an encrypted TAR archive"
LongNosedGoblin is a China-aligned threat cluster that has targeted governmental entities in Southeast Asia and Japan with the objective of cyber espionage. The cluster has been active since at least September 2023. The group uses Group Policy to distribute malware across compromised Windows networks and leverages cloud services such as Microsoft OneDrive and Google Drive as command-and-control channels. The weaponized toolset consists primarily of C#/.NET components including browser-history collectors, backdoors that exfiltrate and delete files, data stealers that upload encrypted archives to cloud storage, downloaders, and a keystroke logger.
Read at The Hacker News