Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan
Campaign
Summary
Hide ▲
Show ▼
The Silver Dragon campaign is actively using public-facing internet servers and phishing emails with malicious attachments to gain initial access, expanding risk across Europe, Southeast Asia, and Uzbekistan. The operation has repeatedly singled out government entities and uses Cobalt Strike and DNS tunneling to sustain access and evade detection. Multiple infection chains, including AppDomain hijacking, service DLL abuse, and LNK-based phishing, show a coordinated and evolving intrusion pattern. The activity matters because it links a named cluster to sustained, multi-region targeting with post-exploitation tooling and persistence methods.
Related Happenings
Cavern Manticore campaign targeting Israeli government and IT organizations
Campaign
H score30
First: 06.07.2026 19:00
Last: 06.07.2026 19:00
Sources 1
About this happening:
The **Cavern Manticore** campaign is **targeting Israeli government and IT organizations** since **early 2026**, increasing the risk of **unauthorized access** and **data theft**...
Cavern Manticore campaign targeting Israeli government and IT organizations
CampaignAbout this happening: The **Cavern Manticore** campaign is **targeting Israeli government and IT organizations** since **early 2026**, increasing the risk of **unauthorized access** and **data theft**...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
H score39
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
CampaignAbout this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities
Campaign
H score50
First: 14.05.2026 17:00
Last: 14.05.2026 17:00
Sources 1
About this happening:
The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...
Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities
CampaignAbout this happening: The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...
LOTUSLITE evolved backdoor activity in India banking-sector targeting
Malware Activity
H score23
First: 22.04.2026 10:58
Last: 22.04.2026 10:58
Sources 1
About this happening:
An **evolved LOTUSLITE** backdoor is now being deployed with **remote shell**, **file operations**, **session management**, and **data exfiltration** capabilities, extending an **...
LOTUSLITE evolved backdoor activity in India banking-sector targeting
Malware ActivityAbout this happening: An **evolved LOTUSLITE** backdoor is now being deployed with **remote shell**, **file operations**, **session management**, and **data exfiltration** capabilities, extending an **...
FBI seizes Handala websites
Law Enforcement
H score73
First: 19.03.2026 18:14
Last: 19.03.2026 18:14
Sources 1
About this happening:
The **FBI** seized **two Handala websites**, escalating a law-enforcement response to a **cyberattack** tied to the group’s destructive activity against **Stryker** and disrupting...
FBI seizes Handala websites
Law EnforcementAbout this happening: The **FBI** seized **two Handala websites**, escalating a law-enforcement response to a **cyberattack** tied to the group’s destructive activity against **Stryker** and disrupting...
Timeline
-
04.03.2026 10:14 2 articles · 4mo ago
Check Point discloses Silver Dragon intrusion tradecraft
Initial DisclosureCheck Point disclosed that Silver Dragon, assessed within the APT41 umbrella, has targeted government entities in Europe, Southeast Asia, and Uzbekistan with public-facing server exploitation, phishing emails with malicious attachments, compressed-archive delivery chains, and post-exploitation tooling including Cobalt Strike, MonikerLoader, BamboLoader, SilverScreen, SSHcmd, and GearDoor. The group also uses DNS tunneling and Google Drive-based command-and-control while maintaining access through hijacked Windows services, DLL sideloading via GameHook.exe, and LNK-based phishing that launches PowerShell through cmd.exe.
Show sources
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 — thehackernews.com — 04.03.2026 10:14
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 — thehackernews.com — 04.03.2026 10:14