What's Happening?
A newly identified advanced persistent threat (APT) group, known as LongNosedGoblin, has been actively targeting government entities across Southeast Asia and Japan. According to ESET, this group has been operational since at least September 2023. LongNosedGoblin is notable for its use of Group Policy to deploy malware and move laterally within compromised networks. The group employs a variety of tools, including a C#/.NET application called NosyHistorian, which collects browser history from victims. If a target is deemed valuable, the group deploys the NosyDoor backdoor, which uses Microsoft OneDrive for command-and-control operations. The backdoor employs AppDomainManager injection, a .NET technique in which a legitimate executable is made to load a malicious assembly through its application configuration, helping the backdoor evade security controls. Other tools in their arsenal include NosyStealer for data exfiltration, NosyDownloader for payload delivery, and NosyLogger, a keylogger. The group has been observed using these tools in a fresh wave of attacks since September 2025, focusing on cyberespionage activities.
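One way defenders can hunt for the AppDomainManager injection technique described above, as an added example that is not from ESET's research or the original post: .NET honours AppDomainManager settings placed under the runtime section of an application's .exe.config file, so scanning for such settings beside legitimate binaries surfaces candidates for review. The sample configs, file names and assembly names below are constructed placeholders, not indicators from the report.

```python
# Added example: hunt for AppDomainManager injection via .NET app config files.
# A config naming an AppDomainManager next to a legitimate exe is a lead, not proof.
# All sample configs, paths and assembly names here are constructed placeholders.
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

SUSPICIOUS_TAGS = ("appDomainManagerAssembly", "appDomainManagerType")

# Constructed benign sample: only pins the runtime version.
BENIGN_CONFIG = """<configuration>
  <startup><supportedRuntime version="v4.0" /></startup>
</configuration>"""

# Constructed suspicious sample: the shape of an injection config (placeholder names).
INJECTED_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="PlaceholderMgr, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="Placeholder.Manager" />
  </runtime>
</configuration>"""


def inspect_config(xml_text: str) -> dict:
    """Return any AppDomainManager settings found under <runtime>, else {}."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return {}  # not well-formed XML: skip rather than guess
    findings = {}
    for runtime in root.iter("runtime"):
        for child in runtime:
            tag = child.tag.rsplit("}", 1)[-1]  # drop any namespace prefix
            if tag in SUSPICIOUS_TAGS:
                findings[tag] = child.get("value", "")
    return findings


def scan_tree(root_dir) -> list:
    """Return (path, findings) for every flagged *.exe.config under root_dir."""
    hits = []
    for path in sorted(Path(root_dir).rglob("*.exe.config")):
        found = inspect_config(path.read_text(encoding="utf-8", errors="ignore"))
        if found:
            hits.append((str(path), found))
    return hits


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "good.exe.config").write_text(BENIGN_CONFIG)
        Path(tmp, "updater.exe.config").write_text(INJECTED_CONFIG)
        for path, found in scan_tree(tmp):
            print(f"[!] {path}: {found}")
```

A hit should be triaged against the binary's publisher and the assembly's location on disk; the same settings can also be supplied through environment variables, which this file-based scan does not cover.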
Why Is It Important?
The activities of LongNosedGoblin highlight the ongoing threat of cyberespionage, particularly from state-aligned actors. The group's focus on government entities in Southeast Asia and Japan underscores the geopolitical tensions in the region and the strategic importance of these targets. The use of sophisticated tools and techniques, such as living-off-the-land methods and advanced malware, indicates a high level of capability and intent to gather sensitive information. This poses significant risks to national security and the integrity of governmental operations. The overlap in targeting with other known groups like ToddyCat and similarities in tooling with Erudite Mogwai suggest a coordinated effort among China-aligned threat actors, raising concerns about the broader implications for international cybersecurity.
What's Next?
As LongNosedGoblin continues its operations, affected governments and organizations are likely to enhance their cybersecurity measures to detect and mitigate such threats. International cooperation and intelligence sharing may increase to counteract the activities of this and similar groups. Cybersecurity firms and government agencies will likely focus on developing and deploying advanced detection and response strategies to protect critical infrastructure and sensitive information. The ongoing evolution of cyber threats will necessitate continuous adaptation and innovation in cybersecurity practices.