China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

A new China-linked threat group called LongNosedGoblin has been targeting government agencies in Southeast Asia and Japan for cyber espionage since September 2023. The group employs advanced tools and techniques, including Group Policy, cloud services, and custom malware, to infiltrate and spy on victims. #LongNosedGoblin #CyberEspionage

Key points

  • LongNosedGoblin is a China-aligned threat cluster active since September 2023, targeting Southeast Asian and Japanese governments.
  • The group uses Group Policy to deploy malware and leverages cloud services such as Microsoft OneDrive and Yandex Disk for command and control.
  • Tools utilized by the threat actors include custom C#/.NET applications such as NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger.
  • Different variants of NosyDoor malware indicate a targeted approach and possible sharing among multiple Chinese threat groups.
  • Connections to other clusters like ToddyCat and Erudite Mogwai are uncertain, but similar tradecraft suggests collaboration or common origin.

Read More: https://thehackernews.com/2025/12/china-aligned-threat-group-uses-windows.html