LongNosedGoblin cyber-espionage campaign targeting government entities in Southeast Asia and Japan
Campaign
Summary
A LongNosedGoblin campaign is targeting governmental entities in Southeast Asia and Japan, creating a sustained risk of cyber espionage and file exfiltration inside compromised networks. The operation has been active since at least September 2023 and uses Group Policy to push malware across victim environments. It also abuses Microsoft OneDrive, Google Drive, and later Yandex Disk as C&C infrastructure.
Related Happenings
GopherWhisper China-aligned APT campaign targeting Mongolian government institutions
Campaign
First: 23.04.2026 12:04
Last: 23.04.2026 12:04
Sources 1
About this happening:
The **GopherWhisper** campaign is a **China-aligned APT operation** targeting **Mongolian governmental institutions**, and it now appears to extend beyond a single compromise to *...
CL-UNK-1068 years-long espionage campaign targeting Asian organizations
Campaign
First: 09.03.2026 09:21
Last: 09.03.2026 09:21
Sources 1
About this happening:
A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...
DKnife gateway-monitoring malware framework
Malware Activity
First: 06.02.2026 19:00
Last: 06.02.2026 19:00
Sources 1
About this happening:
The discovery of **DKnife** exposes a **long-running malware framework** that has remained active since at least **2019**, raising the risk of **gateway-level traffic interception...
Shadow-Void-044 and Shadow-Earth-045 PeckBirdy cyber-espionage campaigns
Campaign
First: 28.01.2026 18:19
Last: 28.01.2026 18:19
Sources 1
About this happening:
Two **China-aligned** **PeckBirdy** espionage campaigns were identified, widening risk to **Chinese gambling websites**, **Asian government entities**, and a **Philippine educatio...
Mustang Panda multi-country espionage campaign against government and telecom targets
Campaign
First: 28.01.2026 13:40
Last: 28.01.2026 13:40
Sources 1
About this happening:
A **Mustang Panda** espionage campaign targeted **government entities** across **Myanmar, Mongolia, Malaysia, and Russia**, showing sustained multi-country activity from **2021-20...
Timeline
- 18.12.2025 19:34 (2 articles)
LongNosedGoblin cyber-espionage campaign disclosed
Initial Disclosure: LongNosedGoblin is a previously undocumented China-aligned threat cluster targeting governmental entities in Southeast Asia and Japan for cyber espionage. ESET assessed the activity as active since at least September 2023, with Group Policy used to deploy malware across compromised networks and cloud services including Microsoft OneDrive, Google Drive, and Yandex Disk used as C&C infrastructure. The associated toolset includes NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, and analysis also noted a NosyDoor variant targeting an organization in an EU country.
Sources 1
- China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware — thehackernews.com — 18.12.2025 19:34