A hacking group associated with China has been caught spying on organisations in Australia and throughout Southeast Asia in a decade-long espionage campaign that used pornography to lure people into opening malicious email attachments.
In a recent blog post, cyber security firm SentinelOne dubs the group 'Aoqin Dragon' and says it has been operating since at least 2013.
Aoqin Dragon operates in a way that “closely aligns with the Chinese government’s political interests”, SentinelOne threat intelligence researcher Joey Chen said.
“We primarily observed Aoqin Dragon targeting government, education, and telecommunication organisations in Southeast Asia and Australia,” he wrote.
“Considering this long-term effort and continuous targeted attacks for the past few years, we assess the threat actor’s motives are espionage-oriented.”
Over the years, Aoqin Dragon has developed different techniques for installing backdoors on target systems.
Previously, it exploited old Microsoft Office vulnerabilities through malicious Word documents delivered in phishing campaigns.
The “decoy content”, designed to entice victims into opening the documents, included references to Asia-Pacific political affairs, such as the minutes of international organisations and committees.
It also used pornographically themed documents, such as one titled “Canbodian [sic] Sex Weekly”, to entice victims.
More recently, Aoqin Dragon has been tricking users into clicking a shortcut to a removable device, such as a USB drive, which triggers an executable used for DLL hijacking.
In each instance, the group has compromised machines in order to drop backdoors that let the hackers exfiltrate data about the host system.
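The removable-media shortcut lure described above has a recognisable on-disk shape: a .lnk file that launches an executable sitting beside a DLL, the layout DLL hijacking relies on. The script below is an added, defender-side example, not code from the article or from SentinelOne's report. It reads the shortcut header and string data as laid out in Microsoft's MS-SHLLNK format, follows the relative target, and flags the executable-plus-DLL pairing; the USB layout, file names, byte contents and the `/silent` argument are all constructed for the demo and are not real indicators.

```python
"""Added example: detect USB-shortcut lures that point at an exe/DLL side-loading layout.

Nothing here is taken from a real sample; the media layout and bytes are constructed.
"""
import struct
import tempfile
from pathlib import Path
from typing import Optional

# CLSID {00021401-0000-0000-C000-000000000046}, as stored (little-endian) in every .lnk header
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_IDLIST, HAS_LINK_INFO = 0x1, 0x2
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x4, 0x8, 0x10, 0x20
IS_UNICODE = 0x80


def parse_lnk(data: bytes) -> Optional[dict]:
    """Minimal MS-SHLLNK reader: returns the shortcut's string data, or None if not a shortcut."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                      # fixed-size ShellLinkHeader
    if flags & HAS_LINK_TARGET_IDLIST:            # IDListSize (2 bytes) followed by the item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                     # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]

    def read_string() -> str:
        nonlocal pos
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        if flags & IS_UNICODE:
            s = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            s = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
        return s

    out = {"name": None, "relative_path": None, "working_dir": None, "arguments": None}
    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments")):
        if flags & flag:                          # StringData entries appear in this fixed order
            out[key] = read_string()
    return out


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Construct a minimal Unicode shortcut for the demo (no IDList, no LinkInfo)."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(76 - 24)
    body = b""
    for s in ((relative_path, arguments) if arguments else (relative_path,)):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def scan_removable_root(root: Path) -> list:
    """Flag shortcuts whose target is an executable that has a DLL beside it (side-loading layout)."""
    root = root.resolve()
    findings = []
    for lnk_file in root.rglob("*.lnk"):
        info = parse_lnk(lnk_file.read_bytes())
        if not info or not info["relative_path"]:
            continue
        # Relative targets are Windows-style and resolved against the shortcut's own folder
        target = (lnk_file.parent / info["relative_path"].replace("\\", "/")).resolve()
        if target.suffix.lower() != ".exe" or not target.exists():
            continue
        if target.read_bytes()[:2] != b"MZ":       # not a PE image, nothing to side-load into
            continue
        dlls = sorted(p.name for p in target.parent.glob("*.dll"))
        if dlls:
            findings.append(f"{lnk_file.relative_to(root)} -> {target.relative_to(root)} "
                            f"args={info['arguments']!r} DLLs beside target: {', '.join(dlls)}")
    return findings


def build_demo_media(base: Path) -> Path:
    """Constructed USB layout: a document-looking shortcut in the root, loader exe and DLL in a subfolder."""
    data = base / "data"
    data.mkdir()
    (data / "updater.exe").write_bytes(b"MZ" + b"\0" * 62)   # stand-in for a benign-looking loader
    (data / "helper.dll").write_bytes(b"MZ" + b"\0" * 62)    # stand-in for the library it would load
    (base / "Documents.lnk").write_bytes(build_lnk("data\\updater.exe", "/silent"))
    (base / "readme.lnk").write_bytes(build_lnk("notes.txt"))  # benign shortcut, must not fire
    return base


def run_demo() -> list:
    """Build the constructed media in a temp dir and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_removable_root(build_demo_media(Path(tmp)))


if __name__ == "__main__":
    for finding in run_demo():
        print("SUSPICIOUS:", finding)
```

Pointed at the mount point of a real removable drive, `scan_removable_root` reports one line per shortcut that resolves to an executable with DLLs in its folder; the benign shortcut in the demo is ignored because its target is not a PE file. The parser deliberately stops at the string data it needs, so shortcuts carrying extra blocks still parse as long as the flags and size fields are consistent.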
Throughout his write-up, Chen noted the Chinese-language text embedded in the code of these exploits and backdoors, while command-and-control servers had been traced back to Beijing.
“We fully expect that Aoqin Dragon will continue conducting espionage operations,” Chen said.
“In addition, we assess it is likely they will also continue to advance their tradecraft, finding new methods of evading detection, and stay longer in their target network.”
Previous Australian governments have taken aim at Chinese hackers for alleged cyber espionage as diplomatic relations between the countries soured in recent years.
The new government has initiated a process of diplomatic repair, with defence minister Richard Marles meeting face-to-face with his Chinese counterpart in Singapore over the weekend.
It was the first time in nearly three years that Australian and Chinese ministers had spoken, which Marles said was “a critical first step” in improving relations.
“We want to take this in a very sober and deliberate manner. We don’t underestimate the difficulties we’ve had in our bilateral relationship,” he said.
“The fact this is the first meeting at a ministerial level in almost three years is very significant. We will take this in a step-by-step process.”