
Moshen Dragon Victims

Location: Undetermined
Industry: Telecommunications
Profile

Moshen Dragon operates as a Chinese cyber-espionage group with demonstrated capabilities in targeting telecommunications infrastructure. The group focuses on compromising telecommunications providers in Central Asia to conduct data exfiltration campaigns, indicating a strategic interest in regional communications networks. Their operations prioritize stealth and persistence, leveraging compromised systems to extract sensitive information over extended periods without detection.

The group employs sophisticated techniques to bypass security measures and maintain network access. During a May 2022 campaign, threat actors abused high-privilege antivirus processes to sideload malicious DLLs, enabling unrestricted code execution while evading endpoint detection mechanisms. This approach facilitated the deployment of Impacket tools for lateral movement across compromised networks, allowing credential theft through real-time interception of domain password changes. Moshen Dragon demonstrated operational diligence through host-specific malware loaders with embedded packet-sniffing functionality, ensuring payloads only activated on predetermined target machines to avoid unnecessary exposure.

Final-stage malware deployments included modular backdoors such as PlugX and ShadowPad variants, enabling persistent remote access and data harvesting from multiple network nodes. These tools allowed operators to exfiltrate information systematically while maintaining operational flexibility. The group's combination of living-off-the-land binaries, process hollowing, and custom evasion mechanisms reflects advanced tradecraft tailored for high-value intelligence collection. Their focus on telecommunications providers suggests intent to monitor communications or disrupt critical infrastructure, though specific operational objectives remain unconfirmed in available reporting.

Incidents
1 incident