Home Hacking News DragonOK Hackers Group From China Is Now Expanding Their Operations

DragonOK Hackers Group From China Is Now Expanding Their Operations

by Unallocated Author

DragonOK, A China-linked hackers group has updated the toolset. Following the new decoy documents they are using to attack, researchers came to a conclusion that the hacker group is expanding their territory to Russia and Tibet.

Earlier in September of 2014, an article is published on the activities of the DragonOK was and it was published by FireEye. For the first time, the security firm said that the group is now focussing on high-tech companies in both Japan and Taiwan and noticed that their goal is to collect money as ransom.In Japan, considered DragonOK’s main target, the group has recently attacked organisations in several industries, including manufacturing, higher education, technology, energy and semiconductor, Palo Alto Networks said in a blog post published on Thursday.

DragonOK has attacked many organisations in Japan, which is now considered as the group’s main target. The list of organisations includes several industries, including manufacturing, technology, energy, higher education and semiconductor, Palo Alto Networks said in a blog post published on Thursday.

A piece of malware used by the hacker named “Sysget,” was delivered to attack in Taiwan. The same security firm has identified three new versions of Sysget and all of them have improved over the previous generation malware which makes them hard to detect and analyse.

Sysget was delivered using phishing emails and it through specially crafted documents set up to exploit CVE-2015-1641, one of the most widely used Microsoft Office vulnerabilities to date. CVE-2015-1641 is known to have been exploited by APT actors that focus on East Asia.

The group also targeted Taiwan with a piece of malware named “IsSpace.” This Trojan is believed to be an evolution of the NFlog backdoor, which has been used by both DragonOK and a different China-based threat group tracked as Moafee. IsSpace was previously seen in a watering hole attack targeting an aerospace company, but the samples spotted recently appear to have been updated.

 

You may also like