Operation DRAGONCLONE: China Mobile Tietong Hit by Advanced APT Attack

Seqrite Labs uncovered Operation DRAGONCLONE, a sophisticated Chinese cyber campaign targeting China Mobile Tietong using DLL sideloading, anti-sandbox techniques, and advanced malware like VELETRIX and VShell. The operation demonstrates extensive reuse of infrastructure and tools, highlighting persistent threats from China-aligned groups. #VELETRIX #EarthLamia

Key points

  • The campaign targets China Mobile Tietong using DLL sideloading with decoy files.
  • VELETRIX employs anti-sandbox evasion techniques such as Sleep and Beep APIs.
  • VShell, a modular implant written in Go, supports C2 communication over TCP.
  • 44 variants of implants share a common encryption salt, indicating a widespread operation.
  • Infrastructure reuse aligns this campaign with Chinese threat actor groups UNC5174 and Earth Lamia.

Read More: https://securityonline.info/operation-dragonclone-china-mobile-tietong-hit-by-advanced-apt-attack/
