China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

Jewelbug, also known as Ink Dragon, is a highly sophisticated threat group that has been targeting government entities across Europe, Asia, and Africa since March 2023. The group uses advanced malware tools such as FINALDRAFT and ShadowPad to conduct stealthy intrusions, lateral movement, and data exfiltration, forming a resilient, multi-layered infrastructure. #Jewelbug #InkDragon #FINALDRAFT #ShadowPad #CobaltStrike

Key points

  • Jewelbug (Ink Dragon) has increased its focus on European government targets since July 2025.
  • The group uses complex malware techniques, including backdoors like FINALDRAFT and NANOREMOTE, for espionage and control.
  • They exploit web application vulnerabilities and misconfigured servers to establish persistence and expand access.
  • Multiple malware components and modules enable long-term, resilient control over compromised networks.
  • A relay-centric, modular attack infrastructure allows continuous, multi-organizational intrusions.

Read More: https://thehackernews.com/2025/12/china-linked-ink-dragon-hacks.html