New China-linked hacker group spies on governments in Southeast Asia, Japan

A new China-aligned hacker group called LongNosedGoblin has been targeting Southeast Asian and Japanese government institutions since September 2023, using sophisticated tactics such as abusing Windows Group Policy. Its malware arsenal includes NosyHistorian, NosyDoor, and other tools designed for data theft, lateral movement, and targeted attacks. #LongNosedGoblin #NosyHistorian #NosyDoor #GroupPolicy

Key points

  • LongNosedGoblin is a previously unknown China-linked hacker group active since September 2023.
  • The group abuses the Windows Group Policy feature to deploy malware and move within networks.
  • Its primary malware, NosyHistorian, collects browser history to identify high-value targets.
  • NosyDoor, a backdoor, is used for targeted compromise and appears to be offered commercially.
  • Additional tools include NosyStealer, NosyDownloader, and NosyLogger, which facilitate data exfiltration and malicious payload execution.

Read More: https://therecord.media/china-linked-hacker-group-spied-on-asian-govs