www.welivesecurity.com
LongNosedGoblin and UAT-8302: New China-Aligned APT Threats Targeting Governments
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In 2024, ESET identified a new China-aligned APT group named LongNosedGoblin, which targets governmental entities in Southeast Asia and Japan. The group employs a custom toolset, primarily using C#/.NET applications, to conduct cyberespionage. Key tools include NosyDoor, a backdoor utilizing Microsoft OneDrive for command and control, and NosyHistorian, which collects browser history to inform further attacks. Concurrently, Talos reported on UAT-8302, another China-nexus APT group, which uses similar tactics and tools, including the malware NetDraft, also known as NosyDoor. Both groups are linked through their use of advanced malware and tactics for credential extraction and network proliferation. The campaigns indicate a coordinated effort to maintain long-term access to sensitive government systems. The ongoing threat remains significant, with multiple victims affected across different regions.
Key Points: • LongNosedGoblin targets Southeast Asian and Japanese governmental entities using custom malware. • UAT-8302 is linked to LongNosedGoblin through shared tools like NosyDoor/NetDraft. • Both APT groups utilize advanced techniques for lateral movement and data exfiltration.