Operation Dragon Castling
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
Operation Dragon Castling is a cyber-espionage campaign first publicly reported in March 2022, attributed with moderate confidence to a Chinese-speaking advanced persistent threat group. The group's primary motivation is information theft and espionage, specifically targeting betting and gambling-related companies in Southeast Asia. This group distinguishes itself through the exploitation of previously unknown vulnerabilities in widely used software, such as a zero-day in the WPS Office updater (CVE-2022-24934), to establish and maintain long-term persistent access for intelligence gathering. The group utilizes a robust, modular toolset, including a backdoor with code similarities to FFRat samples.