China’s Silver Dragon Razes Governments in EU, SE Asia
Summary
Check Point Software has tracked an emerging Chinese threat actor called Silver Dragon, likely a spinoff of APT41, conducting cyber‑espionage against government organisations in Southeast Asia and Europe since at least mid‑2024. The group obtains initial access by exploiting vulnerable public‑facing servers and by sending phishing lures (compressed RAR archives and weaponised LNK attachments). Once inside, Silver Dragon hijacks legitimate Windows services to maintain persistence and blend in with normal system behaviour: Service DLL hijacking (swapping in the DLL a legitimate service loads) and AppDomain hijacking (pointing a .NET process at an attacker‑controlled AppDomainManager assembly).
The group uses a mix of off‑the‑shelf and custom tooling: Cobalt Strike beacons for early footholds, DNS tunnelling to evade detection, and bespoke implants including GearDoor (which uses Google Drive as a covert C2 channel), SSHcmd for remote command and lateral movement, and SilverScreen for periodic screenshot surveillance. Check Point highlights strong tradecraft parallels with APT41 and describes Silver Dragon as adaptable and well resourced.
Key Points
- Silver Dragon focuses on cyber‑espionage targeting government entities in Southeast Asia and Europe.
- Initial access vectors include exploited public‑facing servers and phishing with compressed archives or malicious LNK files that launch a loader tracked as BamboLoader.
- Persistence techniques centre on hijacking legitimate Windows services (Service DLL and AppDomain hijacking) to evade detection.
- The malware stack includes Cobalt Strike, DNS tunnelling, GearDoor (Google Drive C2), SSHcmd (lateral movement) and SilverScreen (surveillance screenshots).
- Check Point links Silver Dragon to the APT41 nexus via tooling and operational overlaps; defenders should patch internet‑facing systems, monitor Windows service configurations and ingest the IoCs provided by Check Point.
Why should I read this?
Short and blunt: this is stealthy, targeted espionage aimed at governments, not noise. If you run or secure public‑sector networks, you need to know the tactics and the quick wins. We’ve done the digging so you don’t have to: patch externally exposed systems, hunt for service DLL and AppDomain hijacks, and load Check Point’s IoCs into your detection tools pronto. Read the full report if you manage critical infrastructure or government IT; it’s one to take seriously.
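To turn "hunt for service DLL hijacks" and "monitor Windows service configurations" into something you can actually run, here is an added PowerShell triage script. It is not from the article or the Check Point report, and it does not encode any Silver Dragon IoC; it simply enumerates the two persistence locations the techniques abuse. Service DLL hijacking lives in each service's Parameters\ServiceDll value, so the script flags ServiceDll entries outside System32/SysWOW64, unsigned or recently modified DLLs, and dangling paths. AppDomain hijacking relies on .NET loading an AppDomainManager named in an .exe.config file or in the APPDOMAIN_MANAGER_ASM/APPDOMAIN_MANAGER_TYPE environment variables, so the script searches for both. The search roots and the 30‑day "recently modified" threshold are assumptions chosen for illustration; tune them to your estate.

```powershell
# Added hunt script (not from the Check Point report or the article).
# Run elevated on a host under investigation. Produces a triage table, not a verdict.
# ASSUMPTIONS for illustration: 30-day modification window and the search roots below.

$systemRoot = $env:SystemRoot
$results    = @()

# ---- Service DLL hijacking: inspect every service's Parameters\ServiceDll ----
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
ForEach-Object {
    $params = "$($_.PSPath)\Parameters"
    if (-not (Test-Path $params)) { return }
    $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { return }

    # ServiceDll values are usually written as %SystemRoot%\system32\foo.dll; expand before testing.
    $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
    $reasons = @()

    if ($dllPath -notlike "$systemRoot\System32\*" -and $dllPath -notlike "$systemRoot\SysWOW64\*") {
        $reasons += 'ServiceDll outside System32/SysWOW64'
    }
    if (Test-Path -LiteralPath $dllPath) {
        $sig = Get-AuthenticodeSignature -FilePath $dllPath
        if ($sig.Status -ne 'Valid') { $reasons += "signature status $($sig.Status)" }
        $age = (Get-Date) - (Get-Item -LiteralPath $dllPath).LastWriteTime
        if ($age.TotalDays -lt 30) { $reasons += 'DLL modified within 30 days' }   # assumed threshold
    } else {
        # A dangling ServiceDll is a ready-made hijack slot: whoever drops a DLL there wins.
        $reasons += 'ServiceDll path does not exist'
    }
    if ($reasons.Count -gt 0) {
        $results += [pscustomobject]@{
            Source  = "service:$($_.PSChildName)"
            Path    = $dllPath
            Finding = ($reasons -join '; ')
        }
    }
}

# ---- AppDomain hijacking: .exe.config files that name an AppDomainManager ----
# .NET loads the assembly named in <runtime appDomainManagerAssembly="..." appDomainManagerType="...">
# before the target's Main() runs, which is what makes this a quiet persistence slot.
$searchRoots = @($env:ProgramData, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA)   # assumed roots
foreach ($root in $searchRoots) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -Path $root -Filter '*.exe.config' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $text = Get-Content -LiteralPath $_.FullName -Raw -ErrorAction SilentlyContinue
        if ($text -and $text -match 'appDomainManagerAssembly|appDomainManagerType') {
            $results += [pscustomobject]@{
                Source  = 'exe.config'
                Path    = $_.FullName
                Finding = 'AppDomainManager configured in runtime element'
            }
        }
    }
}

# ---- AppDomain hijacking via environment: machine- or user-scoped variables ----
foreach ($scope in 'Machine', 'User') {
    foreach ($name in 'APPDOMAIN_MANAGER_ASM', 'APPDOMAIN_MANAGER_TYPE') {
        $value = [Environment]::GetEnvironmentVariable($name, $scope)
        if ($value) {
            $results += [pscustomobject]@{
                Source  = "env:$scope"
                Path    = "$name=$value"
                Finding = 'AppDomainManager set via environment variable'
            }
        }
    }
}

if ($results.Count -eq 0) {
    Write-Output 'No ServiceDll or AppDomainManager anomalies found.'
} else {
    $results | Sort-Object Source | Format-Table -AutoSize -Wrap
}
```

Expect some benign hits: vendor services that legitimately host a DLL outside System32, and developer tooling that ships an .exe.config with an AppDomainManager. Baseline a known-good build once, then diff later runs against it and ship the output to your SIEM alongside Check Point's IoCs rather than treating a single row as proof of compromise.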
Source
Source: https://www.darkreading.com/threat-intelligence/china-silver-dragon-governments-eu-se-asia
