LongNosedGoblin cyber-espionage campaign targeting government entities in Southeast Asia and Japan
Campaign
Summary
Hide ▲
Show ▼
A LongNosedGoblin campaign is targeting governmental entities in Southeast Asia and Japan, creating a sustained risk of cyber espionage and file exfiltration inside compromised networks. The operation has been active since at least September 2023 and uses Group Policy to push malware across victim environments. It also abuses Microsoft OneDrive, Google Drive, and later Yandex Disk as C&C infrastructure.
Related Happenings
GigaWiper / BLUERABBIT destructive Windows backdoor activity
Malware Activity
H score31
First: 09.07.2026 21:08
Last: 09.07.2026 21:08
Sources 1
About this happening:
The **GigaWiper / BLUERABBIT** malware activity now combines **disk wiping**, **fake ransomware**, and **spyware backdoor** functions on **Windows**, increasing the chance that on...
GigaWiper / BLUERABBIT destructive Windows backdoor activity
Malware ActivityAbout this happening: The **GigaWiper / BLUERABBIT** malware activity now combines **disk wiping**, **fake ransomware**, and **spyware backdoor** functions on **Windows**, increasing the chance that on...
Gamaredon Ukraine spear-phishing campaign across government and military targets
Campaign
H score39
First: 29.06.2026 14:40
Last: 29.06.2026 14:40
Sources 1
About this happening:
The **Gamaredon** campaign expanded across **Ukraine** in **2025**, hitting **governmental and military institutions** with **35 spear-phishing campaigns** and raising the risk of...
Gamaredon Ukraine spear-phishing campaign across government and military targets
CampaignAbout this happening: The **Gamaredon** campaign expanded across **Ukraine** in **2025**, hitting **governmental and military institutions** with **35 spear-phishing campaigns** and raising the risk of...
StealC and Amadey infostealer infrastructure disruption
Malware Activity
H score69
First: 24.06.2026 18:25
Last: 24.06.2026 18:25
Sources 1
About this happening:
**StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
StealC and Amadey infostealer infrastructure disruption
Malware ActivityAbout this happening: **StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
Windows cryptocurrency clipper campaign targeting users via USB LNK worms
Campaign
H score32
First: 18.06.2026 17:30
Last: 18.06.2026 17:30
Sources 1
About this happening:
A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...
Windows cryptocurrency clipper campaign targeting users via USB LNK worms
CampaignAbout this happening: A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...
Gamaredon Ukraine espionage campaign targeting government, military and critical infrastructure
Campaign
H score56
First: 01.06.2026 14:00
Last: 01.06.2026 14:00
Sources 1
About this happening:
The **Gamaredon** espionage campaign remained active in **January 2026**, targeting **Ukrainian government, military, and critical-infrastructure** networks to steal documents and...
Gamaredon Ukraine espionage campaign targeting government, military and critical infrastructure
CampaignAbout this happening: The **Gamaredon** espionage campaign remained active in **January 2026**, targeting **Ukrainian government, military, and critical-infrastructure** networks to steal documents and...
Timeline
-
18.12.2025 19:34 2 articles · 6mo ago
LongNosedGoblin cyber-espionage campaign disclosed
Initial DisclosureLongNosedGoblin is a previously undocumented China-aligned threat cluster targeting governmental entities in Southeast Asia and Japan for cyber espionage. ESET assessed the activity as active since at least September 2023, with Group Policy used to deploy malware across compromised networks and cloud services including Microsoft OneDrive, Google Drive, and Yandex Disk used as C&C infrastructure. The associated toolset includes NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, and analysis also noted a NosyDoor variant targeting an organization in an E.U country.
Show sources
- China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware — thehackernews.com — 18.12.2025 19:34
- China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware — thehackernews.com — 18.12.2025 19:34