Find notable cyber news and cases, enriched with sources, timelines, and signals.

LongNosedGoblin cyber-espionage campaign targeting government entities in Southeast Asia and Japan

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

A LongNosedGoblin campaign is targeting governmental entities in Southeast Asia and Japan, creating a sustained risk of cyber espionage and file exfiltration inside compromised networks. The operation has been active since at least September 2023 and uses Group Policy to push malware across victim environments. It also abuses Microsoft OneDrive, Google Drive, and later Yandex Disk as C&C infrastructure.

Related Happenings

GigaWiper / BLUERABBIT destructive Windows backdoor activity

Malware Activity
H score31 First: 09.07.2026 21:08 Last: 09.07.2026 21:08 Sources 1

About this happening: The **GigaWiper / BLUERABBIT** malware activity now combines **disk wiping**, **fake ransomware**, and **spyware backdoor** functions on **Windows**, increasing the chance that on...

Gamaredon Ukraine spear-phishing campaign across government and military targets

Campaign
H score39 First: 29.06.2026 14:40 Last: 29.06.2026 14:40 Sources 1

About this happening: The **Gamaredon** campaign expanded across **Ukraine** in **2025**, hitting **governmental and military institutions** with **35 spear-phishing campaigns** and raising the risk of...

StealC and Amadey infostealer infrastructure disruption

Malware Activity
H score69 First: 24.06.2026 18:25 Last: 24.06.2026 18:25 Sources 1

About this happening: **StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...

Windows cryptocurrency clipper campaign targeting users via USB LNK worms

Campaign
H score32 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...

Gamaredon Ukraine espionage campaign targeting government, military and critical infrastructure

Campaign
H score56 First: 01.06.2026 14:00 Last: 01.06.2026 14:00 Sources 1

About this happening: The **Gamaredon** espionage campaign remained active in **January 2026**, targeting **Ukrainian government, military, and critical-infrastructure** networks to steal documents and...

Timeline

  1. 18.12.2025 19:34 2 articles · 6mo ago

    LongNosedGoblin cyber-espionage campaign disclosed

    Initial Disclosure

    LongNosedGoblin is a previously undocumented China-aligned threat cluster targeting governmental entities in Southeast Asia and Japan for cyber espionage. ESET assessed the activity as active since at least September 2023, with Group Policy used to deploy malware across compromised networks and cloud services including Microsoft OneDrive, Google Drive, and Yandex Disk used as C&C infrastructure. The associated toolset includes NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, and analysis also noted a NosyDoor variant targeting an organization in an E.U country.

    Show sources