What's Happening?
A newly identified advanced persistent threat (APT) group, LongNosedGoblin, originating from China, has been targeting government entities in Southeast Asia and Japan. According to ESET, the group has been active since at least September 2023. LongNosedGoblin employs a variety of tools, including a C#/.NET application called NosyHistorian, to collect browser history from victims. If a target is deemed valuable, the group deploys the NosyDoor backdoor, which uses Microsoft OneDrive for command-and-control operations. The group also uses other tools, such as NosyStealer for data exfiltration and NosyDownloader for payload delivery. The APT's activities are primarily focused on cyberespionage, with overlaps in targeting with other known groups such as ToddyCat.
Why Is It Important?
The activities of LongNosedGoblin highlight the ongoing threat of cyberespionage from state-sponsored actors, particularly those aligned with China. Such operations can compromise sensitive government data, potentially impacting national security and diplomatic relations. The use of sophisticated tools and techniques, such as living-off-the-land methods and bypassing security interfaces, underscores the evolving nature of cyber threats. This development is significant for cybersecurity professionals and government agencies, emphasizing the need for robust security measures and international cooperation to counteract such threats.
What's Next?
As LongNosedGoblin continues its operations, affected governments and organizations may need to enhance their cybersecurity defenses and incident response strategies. International collaboration and intelligence sharing could be crucial in mitigating the impact of such cyber threats. Additionally, further research and monitoring by cybersecurity firms like ESET will be essential to understand the group's tactics and develop effective countermeasures.