Moshen Dragon
| Primary URL | Location | Industry | Undetermined |
Country
China
|
Government - National
|
|---|
Profile
Moshen Dragon is a Chinese cyber‑espionage group that focuses its operations on telecommunications providers located in Central Asia. The group’s primary objective is to gain persistent access to victim networks in order to collect sensitive communications and operational data. It employs a multi‑stage intrusion methodology that begins with initial compromise and proceeds through privilege escalation, lateral movement, and data exfiltration. The actors are known to maintain long‑term presence on compromised systems, allowing them to monitor and extract information over extended periods. Their targeting strategy reflects a strategic interest in the telecommunications sector, which serves as a critical infrastructure for regional connectivity and intelligence gathering.
The group distinguishes itself through a set of technical tactics that demonstrate a high degree of operational diligence. Moshen Dragon abuses high‑privilege antivirus processes to sideload malicious DLLs, thereby achieving unrestricted code execution while evading conventional defenses. For moving laterally within a network, the threat actors leverage the Impacket toolkit to capture domain password changes and facilitate credential theft. They deploy unique host‑specific loaders equipped with packet‑sniffing capabilities that activate payloads only on predetermined machines, reducing the likelihood of detection. Ultimately, the group installs PlugX and ShadowPad backdoor variants to establish covert channels for exfiltrating stolen data. These combined techniques underscore the group’s specialization in stealthy, sustained espionage campaigns against telecom infrastructure.
