Researchers have discovered a tiny but powerful China-linked APT that has been operating in Southeast Asia and Australia for more than a decade, waging campaigns against government, education, and telecommunications organizations.
According to SentinelLabs researchers, the APT, dubbed Aoqin Dragon, has been active since at least 2013. They described the APT as “a tiny Chinese-speaking crew with possible ties to [an APT dubbed] UNC94.” One of Aoqin Dragon’s techniques, according to the researchers, is to use pornographic-themed infected documents as bait to persuade victims to download them. The researchers said that Aoqin Dragon seeks initial access mostly through document exploits and the use of fake portable devices.