malware | Asia-Pacific | The Hacker News
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
Thursday, December 18, 2025
What
The LongNosedGoblin threat group has conducted cyber attacks using a custom toolset to deploy malware and exfiltrate sensitive information from targeted government organizations.
Where
Southeast Asia and Japan
When
Active since at least September 2023, with initial detection in February 2024.
Key Factors
- Use of Group Policy for malware deployment
- Malware variants include NosyHistorian, NosyDoor, and NosyStealer
- Cloud services like Microsoft OneDrive and Google Drive used for command and control
Takeaways
- Organizations should enhance monitoring of Group Policy changes to detect unauthorized deployments.
- The use of cloud services for C&C highlights the need for robust security measures around cloud integrations.
- Regular audits and updates of security protocols can mitigate risks from advanced persistent threats.