ESET Research uncovered a new China-aligned threat group, LongNosedGoblin, exploiting Windows Group Policy for malware deployment and lateral movement in government networks. The group uses cloud services like OneDrive and Google Drive for command and control, deploying sophisticated surveillance tools to conduct long-term espionage. #LongNosedGoblin #GroupPolicy #EspionageTools
Key points
- The threat group targets government institutions in Southeast Asia and Japan, with activity traced back to September 2023.
- LongNosedGoblin abuses Windows Group Policy to spread malware across networks silently and efficiently.
- The malware infrastructure incorporates cloud platforms like OneDrive and Google Drive for command and control to evade detection.
- Multiple tools, including NosyHistorian and NosyDoor, gather browsing data and system details, and execute commands to sustain the surveillance.
- The campaign employs advanced tools such as remote proxies and video recording utilities to enhance espionage capabilities.
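The Group Policy bullet above is the part a defender can check directly. The summary does not say which Group Policy mechanism the group uses, so the script below assumes one common deployment route, scheduled tasks pushed through Group Policy Preferences, and shows how to enumerate them from a GPO's ScheduledTasks.xml and compare them against a reviewed baseline. This is an added example written for this page; it is not ESET's research tooling and not code attributed to LongNosedGoblin. The XML sample, task names, UIDs, timestamps, paths and baseline are constructed for the example, and the parser does not depend on the clsid attributes.

```python
r"""Review scheduled tasks that a GPO deploys through Group Policy Preferences.

Added example; not ESET's tooling and not code from the threat group. It
assumes the defender has copied a GPO's ScheduledTasks.xml out of SYSVOL
(Policies\{GUID}\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml) and
keeps a baseline of task UIDs that have already been reviewed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a long-standing inventory task plus a newly added
# "immediate" task. Names, UIDs, timestamps and commands are made up.
SAMPLE_XML = r"""<?xml version="1.0" encoding="utf-8"?>
<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
  <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="Inventory"
          image="2" changed="2022-03-01 09:00:00" uid="{AAAA-1111}">
    <Properties action="U" name="Inventory" runAs="NT AUTHORITY\System" logonType="S4U">
      <Task version="1.3">
        <Actions Context="Author">
          <Exec><Command>C:\Tools\inventory.exe</Command><Arguments>/quiet</Arguments></Exec>
        </Actions>
      </Task>
    </Properties>
  </TaskV2>
  <ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="Update"
          image="0" changed="2023-09-12 08:21:44" uid="{BBBB-2222}">
    <Properties action="C" name="Update" runAs="NT AUTHORITY\System" logonType="S4U">
      <Task version="1.3">
        <Actions Context="Author">
          <Exec><Command>cmd.exe</Command><Arguments>/c \\fileserver\share\update.bat</Arguments></Exec>
        </Actions>
      </Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>
"""

# Element names GPP uses for task entries directly under <ScheduledTasks>.
TASK_TAGS = {"Task", "TaskV2", "ImmediateTask", "ImmediateTaskV2"}


def parse_gpp_tasks(xml_text):
    """Return one dict per task entry with the fields a reviewer needs."""
    root = ET.fromstring(xml_text)
    tasks = []
    # Only top-level entries count; the nested <Task version="1.3"> is a task body.
    for el in root:
        if el.tag not in TASK_TAGS:
            continue
        props = el.find("Properties")
        execs = []
        run_as = ""
        if props is not None:
            run_as = props.get("runAs", "")
            # V2 entries carry their actions as <Exec> elements.
            for ex in props.iter("Exec"):
                execs.append((ex.findtext("Command", default=""),
                              ex.findtext("Arguments", default="")))
            # Legacy (XP-era) entries put the program in attributes instead.
            if not execs and props.get("appName"):
                execs.append((props.get("appName", ""), props.get("args", "")))
        tasks.append({
            "name": el.get("name", ""),
            "uid": el.get("uid", ""),
            "changed": el.get("changed", ""),
            "kind": el.tag,
            "run_as": run_as,
            "execs": execs,
        })
    return tasks


def new_tasks(tasks, baseline_uids):
    """Entries whose UID has not been reviewed before."""
    return [t for t in tasks if t["uid"] not in baseline_uids]


def immediate_tasks(tasks):
    """Run-once entries: executed on the next policy refresh, then removed."""
    return [t for t in tasks if t["kind"].startswith("Immediate")]


def describe(task):
    """One line per task for a review report."""
    cmds = "; ".join(f"{c} {a}".strip() for c, a in task["execs"]) or "(no command)"
    return (f'{task["kind"]} "{task["name"]}" uid={task["uid"]} '
            f'changed={task["changed"]} runAs={task["run_as"]}: {cmds}')


if __name__ == "__main__":
    baseline = {"{AAAA-1111}"}  # UIDs reviewed earlier (constructed)
    found = parse_gpp_tasks(SAMPLE_XML)
    for t in new_tasks(found, baseline):
        print("NEW:", describe(t))
    for t in immediate_tasks(found):
        print("IMMEDIATE:", describe(t))
```

Run it against each GPO's ScheduledTasks.xml on a schedule and keep the baseline of reviewed UIDs in version control; a new entry, an entry whose changed timestamp moves, or any ImmediateTaskV2 that runs as SYSTEM is worth a look, because an immediate task executes on every machine in scope at the next policy refresh and then disappears from the task scheduler, leaving SYSVOL as the main place it can be seen.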
Read More: https://www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/