
NosyDoor backdoor activity using OneDrive and Google Drive C&C

Malware Activity
Happening score (H score): 21
1 unique source, 1 article

Summary

The NosyDoor backdoor is being used to exfiltrate files and run shell commands inside compromised networks, making the LongNosedGoblin toolset more dangerous. The malware uses Microsoft OneDrive as C&C, while related tools also rely on Google Drive. The activity is tied to a broader espionage operation against governmental entities in Southeast Asia and Japan.

Related Happenings

MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy

Campaign
First: 06.05.2026 16:02 Last: 06.05.2026 16:02 Sources 1

About this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...

GopherWhisper China-aligned APT campaign targeting Mongolian government institutions

Campaign
First: 23.04.2026 12:04 Last: 23.04.2026 12:04 Sources 1

About this happening: The **GopherWhisper** campaign is a **China-aligned APT operation** targeting **Mongolian governmental institutions**, and it now appears to extend beyond a single compromise to *...

CL-UNK-1068 years-long espionage campaign targeting Asian organizations

Campaign
First: 09.03.2026 09:21 Last: 09.03.2026 09:21 Sources 1

About this happening: A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...

Dindoor backdoor activity in MuddyWater operations

Malware Activity
First: 06.03.2026 17:15 Last: 06.03.2026 17:15 Sources 1

About this happening: Researchers identified **Dindoor**, a previously unknown backdoor, on targeted networks tied to **MuddyWater**, showing the group was using a new intrusion toolset. The malware ap...

CRESCENTHARVEST Windows RAT and info-stealer activity

Malware Activity
First: 19.02.2026 10:13 Last: 19.02.2026 10:13 Sources 1

About this happening: The **CRESCENTHARVEST** malware activity centers on **version.dll**, a **Windows RAT and information stealer** that can execute commands, log keystrokes, and exfiltrate data. It m...

Timeline

  1. 18.12.2025 19:34 2 articles · 5mo ago

    ESET discloses NosyDoor backdoor activity targeting government networks

    Initial Disclosure

    ESET disclosed LongNosedGoblin activity targeting governmental entities in Southeast Asia and Japan, describing NosyDoor as a backdoor that uses Microsoft OneDrive as C&C to exfiltrate files, delete files, and execute shell commands. The same toolset also included NosyHistorian, NosyStealer, NosyDownloader, and NosyLogger, and later analysis found a NosyDoor variant using Yandex Disk as C&C.
