Aoqin Dragon  (Back to overview)

aka: UNC94

SentinelLabs has uncovered a cluster of activity beginning at least as far back as 2013 and continuing to the present day, primarily targeting organizations in Southeast Asia and Australia. They assess that the threat actor's primary focus is espionage and relates to targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. We track this activity as 'Aoqin Dragon'. The threat actor has a history of using document lures with pornographic themes to infect users and makes heavy use of USB shortcut techniques to spread the malware and infect additional targets. Attacks attributable to Aoqin Dragon typically drop one of two backdoors, Mongall and a modified version of the open source Heyoka project.

Associated Families

There are currently no families associated with this actor.

2022-06-27Socialist Republic of VietnamInformation Department of Information Security
V/v to review and prevent risks attack APT
Aoqin Dragon
2022-06-09Sentinel LABSJoey Chen
Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
heyoka mongall Aoqin Dragon

Credits: MISP Project