Check Point Research has identified a sophisticated Chinese-aligned threat group dubbed Silver Dragon, which demonstrates significant operational overlap with APT41. The group primarily targets government entities across Southeast Asia and Europe using a combination of public-facing server exploitation and targeted phishing campaigns. Once inside a network, Silver Dragon establishes persistence using Cobalt Strike beacons, often masking communication through DNS tunneling to evade traditional network-level detection.
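DNS tunneling, as described above, hides command-and-control traffic inside query names, which is exactly why it defeats controls that only inspect destination IPs and ports. The one place it cannot hide is in the shape of the queries themselves: a tunnel produces many lookups under one domain whose subdomain labels are long and high-entropy because they carry encoded data. The following detector is an added example written for this page, not Check Point's code and not a Silver Dragon indicator; the log format, the domain names, the thresholds and the last-two-labels approximation of a registered domain are all assumptions made for the example.

```python
"""Heuristic DNS-tunneling detector over constructed DNS query log lines.

Added example, not the report's own code. Flags a domain when it receives
many queries whose subdomain labels are long and high-entropy, the traffic
shape produced when data is encoded into DNS query names.
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample log, one "<timestamp> <client_ip> <qtype> <qname>" per line.
# Domains are reserved/illustrative names, not real indicators. The long labels
# are 36-character pseudo-random tokens standing in for encoded payload chunks.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 A www.example.com
2024-01-01T10:00:02 10.0.0.5 A mail.example.com
2024-01-01T10:00:03 10.0.0.5 A api.example.com
2024-01-01T10:00:04 10.0.0.5 A login.example.com
2024-01-01T10:00:05 10.0.0.9 A a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8.static-cdn.example
2024-01-01T10:00:06 10.0.0.7 TXT a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8.tunnel-test.invalid
2024-01-01T10:00:07 10.0.0.7 TXT d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8a1b2c3.tunnel-test.invalid
2024-01-01T10:00:08 10.0.0.7 TXT g7h8i9j0k1l2m3n4o5p6q7r8a1b2c3d4e5f6.tunnel-test.invalid
2024-01-01T10:00:09 10.0.0.7 TXT j0k1l2m3n4o5p6q7r8a1b2c3d4e5f6g7h8i9.tunnel-test.invalid
2024-01-01T10:00:10 10.0.0.7 TXT m3n4o5p6q7r8a1b2c3d4e5f6g7h8i9j0k1l2.tunnel-test.invalid
2024-01-01T10:00:11 10.0.0.7 TXT p6q7r8a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5.tunnel-test.invalid
"""

# Record types commonly abused to carry tunnel payloads in responses.
PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME"}


@dataclass
class DomainStats:
    domain: str
    queries: int
    mean_subdomain_len: float
    mean_entropy: float
    txt_fraction: float
    suspicious: bool


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character in s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_domain(qname: str) -> tuple[str, str]:
    """Return (registered_domain, subdomain). Assumption: the registered
    domain is the last two labels; production code should use the Public
    Suffix List so that names like host.example.co.uk group correctly."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def analyze(log_text: str, min_queries: int = 5, min_mean_len: int = 30,
            min_mean_entropy: float = 3.5) -> dict[str, DomainStats]:
    """Group queries by registered domain and score each group. Thresholds are
    assumptions for this example; tune them against your own baseline."""
    per_domain: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:        # skip blank or malformed lines
            continue
        _ts, _client, qtype, qname = fields
        if "." not in qname.rstrip("."):
            continue                # single-label names carry no subdomain
        domain, sub = split_domain(qname)
        per_domain[domain].append((qtype.upper(), sub))

    results: dict[str, DomainStats] = {}
    for domain, recs in per_domain.items():
        n = len(recs)
        subs = [sub for _, sub in recs]
        mean_len = sum(len(s) for s in subs) / n
        # Entropy is measured over the label characters, dots excluded.
        mean_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / n
        txt_frac = sum(1 for q, _ in recs if q in PAYLOAD_QTYPES) / n
        # All three conditions must hold: a single long lookup (e.g. a CDN
        # asset hash) or a burst of short names is not enough on its own.
        flagged = n >= min_queries and mean_len >= min_mean_len and mean_ent >= min_mean_entropy
        results[domain] = DomainStats(domain, n, mean_len, mean_ent, txt_frac, flagged)
    return results


def suspicious_domains(log_text: str) -> list[str]:
    """Sorted list of domains whose query pattern looks like tunneling."""
    return sorted(d for d, st in analyze(log_text).items() if st.suspicious)


if __name__ == "__main__":
    for st in analyze(SAMPLE_LOG).values():
        print(f"{st.domain:24} n={st.queries:2} len={st.mean_subdomain_len:5.1f} "
              f"H={st.mean_entropy:4.2f} txt={st.txt_fraction:.2f} "
              f"{'SUSPICIOUS' if st.suspicious else 'ok'}")
```

On the constructed log only `tunnel-test.invalid` is flagged: `example.com` has short, low-entropy labels, and the single long hash under `static-cdn.example` shows why the query-count threshold matters, since CDN asset names, antivirus reputation lookups and similar services legitimately produce long random-looking labels in ones and twos. A deployable version would baseline per client and per hour, weight `txt_fraction` into the score rather than only reporting it, and use the Public Suffix List instead of the last-two-labels shortcut.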
The group's custom toolkit features advanced loaders like MonikerLoader and BamboLoader, alongside specialized malware such as GearDoor, a .NET backdoor that leverages Google Drive for command-and-control. Their post-exploitation capabilities are further enhanced by SilverScreen, a stealthy screen-monitoring implant, and SSHCmd for remote execution. These tools reflect a highly adaptable and well-resourced threat actor that continuously evolves its tactics to maintain long-term access to high-value targets.