Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan

Campaign
Happening score: 42
1 unique source, 1 article

Summary

The Silver Dragon campaign gains initial access by exploiting public-facing internet servers and by sending phishing emails with malicious attachments, expanding risk across Europe, Southeast Asia, and Uzbekistan. The operation has repeatedly singled out government entities and uses Cobalt Strike and DNS tunneling to sustain access and evade detection. Multiple infection chains, including AppDomain hijacking, service DLL abuse, and LNK-based phishing, show a coordinated and evolving intrusion pattern. The activity matters because it links a named cluster to sustained, multi-region targeting with post-exploitation tooling and persistence methods.

Related Happenings

Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities

Campaign
First: 14.05.2026 17:00 Last: 14.05.2026 17:00 Sources 1

About this happening: The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...

LOTUSLITE evolved backdoor activity in India banking-sector targeting

Malware Activity
First: 22.04.2026 10:58 Last: 22.04.2026 10:58 Sources 1

About this happening: An **evolved LOTUSLITE** backdoor is now being deployed with **remote shell**, **file operations**, **session management**, and **data exfiltration** capabilities, extending an **...

FBI seizes Handala websites

Law Enforcement
First: 19.03.2026 18:14 Last: 19.03.2026 18:14 Sources 1

About this happening: The **FBI** seized **two Handala websites**, escalating a law-enforcement response to a **cyberattack** tied to the group’s destructive activity against **Stryker** and disrupting...

Storm-2561 fake enterprise VPN Hyrax infostealer activity

Malware Activity
First: 13.03.2026 15:23 Last: 13.03.2026 15:23 Sources 1

About this happening: A fake enterprise VPN installer is now delivering **Hyrax infostealer** components that steal **VPN credentials** and maintain persistence on **Windows** systems. The operation ma...

FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers

Campaign
First: 10.03.2026 18:21 Last: 10.03.2026 18:21 Sources 1

About this happening: A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...

Timeline

  1. 04.03.2026 10:14 2 articles · 2mo ago

    Check Point discloses Silver Dragon intrusion tradecraft

    Initial Disclosure

    Check Point disclosed that Silver Dragon, assessed within the APT41 umbrella, has targeted government entities in Europe, Southeast Asia, and Uzbekistan with public-facing server exploitation, phishing emails with malicious attachments, compressed-archive delivery chains, and post-exploitation tooling including Cobalt Strike, MonikerLoader, BamboLoader, SilverScreen, SSHcmd, and GearDoor. The group also uses DNS tunneling and Google Drive-based command-and-control while maintaining access through hijacked Windows services, DLL sideloading via GameHook.exe, and LNK-based phishing that launches PowerShell through cmd.exe.