back to article Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree

Threat researcher Joey Chen of Sentinel Labs says he's spotted a decade worth of cyber attacks he's happy to attribute to a single Chinese gang. Chen has named the group Aoqin Dragon, says its goal is espionage, and that it prefers targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. The gang is fond of attacks …

  1. Pascal Monett Silver badge

    Once again

    When will people learn that nobody sends you an attachment without even knowing you ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Once again

      Sophisticated scammers seem to look at your activity and personalize the "hook". A friend of mine was travelling in Spain and Portugal recently and was sending me photos through email. I got an email that appeared to be from him with a link that said it was an overlooked photo. The email wasn't the usual form of those from my friend, and the link was to something in Iceland.


      1. Missing Semicolon Silver badge
        Black Helicopters

        Re: Once again

        How the heck did the scammers get to know what sort of emails you were getting? Your friends PC may already be compromised, or the email service that you or they are using has been cracked.

        1. Richard Jones 1

          Re: Once again

          Why do they need to know? After all, if you work on X or are involved in the Y department, there are possible generic hooks they can use. Otherwise, they might use the p0rn method, or the possible side interest, they do not care what they send out. Like the telephone scammers or text scammers who pepper the world with a grape shot of pure rubbish, hoping that the right fish will swallow the lure.

        2. Victor Ludorum

          Re: Once again

          There are all sorts of ways the scammers could have got useful information. My guess is that the travelling friend used compromised wifi. It's not too difficult to intercept emails.

      2. iron Silver badge

        Re: Once again

        That is pure coincidence. People often send each other photos, they just got (almost) lucky because you were expecting photos. Their email could just as easily have been about a package that was delivered.

    2. Mike 137 Silver badge

      Re: Once again

      If you have "attachment preview" turned on in your email client, you could be toast without even being aware there's a problem.

      Ultimately, it's the now long established blurring of distinctions between:

      [a] code and data

      [b] local and remote access

      plus an insistence on 'convenience' that have enabled this whole disaster.

    3. Anonymous Coward

      Re: Once again

      People will never learn.

      An easy way to cut down on user stupidity would be for email apps showing the URL of a link rather than the text of the link, ideally by default.

  2. sitta_europea Silver badge

    [quote]...Aoqin Dragon's method of using malicious Microsoft Word documents also relies on users not doing the right thing and either patching or upgrading their apps to safe editions.[/quote]

    Alternatively they can rely on Microsoft not actually fixing the vulnerability...

  3. sitta_europea Silver badge

    When customers' PCs get compromised I get replies to email messages that I sent five years ago.

    They're pretty easy to spot.

    1. Anonymous Coward
      Anonymous Coward

      that's generally a virus and not a malicious actor. a malicious actor will take the time to try and fool you. Automated crap is like you say, much easier to spot.

      I manage email security at a company and see it all. The most annoying ones are using service like sendgrid and salesforce - but getting them shut down/interrupted is also satisfying, which the do fast when reported.

      Using custom strings to filter is a big help - regex entries to block all bitcoin key emails, keywords to block (much more detailed but for example) "Kindly do the needful" or the scammers phone numbers or a sentence they use regularly. I also get satisfaction out of permanently blocking IP subnets when not in our business region of the world. :)

      1. druck Silver badge

        Oh for the good old days when you just had to block posts containing claims you had inherited ONE HUNDRED MILLION US DOLLARS.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like