New China-linked hacker group spies on governments in Southeast Asia, Japan
The group, LongNosedGoblin, has been active since at least September 2023 and was uncovered after researchers detected new malware strains inside the network of a Southeast Asian government last year.
A previously unknown, China-aligned hacker group has been targeting government institutions across Southeast Asia and Japan, according to new research.
The group, which Slovak cybersecurity firm ESET named LongNosedGoblin, has been active since at least September 2023 and was uncovered after the company detected new malware strains inside the network of a Southeast Asian government last year.
What sets LongNosedGoblin apart from other known China-linked threat actors is its reliance on the Group Policy, a legitimate Windows feature normally used by system administrators to enforce rules across large networks. The hackers abused this feature to deploy malware and move laterally across targeted systems.
Source: https://therecord.media/china-linked-hacker-group-spied-on-asian-govs
Related breach coverage
- China-linked hackers targeted Mongolian government using Slack, Discord for covert communications2026-04-23
The group, which researchers at cybersecurity firm ESET named GopherWhisper, has been active since at least November 2023 and was discovered in January 2025 after investigators found a previously unknown backdoor on the network of a Mongolian government institution.
- China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks2026-03-27
China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly […]
- From phishing to Google Drive C2: Silver Dragon expands APT41 playbook2026-03-04
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting […]
- CL-STA-1087 targets military capabilities since 20202026-03-17
China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk […]