Introduction
Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least 2013. Aoqin Dragon has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Security researchers noted a potential association between Aoqin Dragon and UNC94, based on malware, infrastructure, and targets (SentinelOne Aoqin Dragon June 2022 [2]).
Activities and Tactics
Targeted Sectors: Government, Education, Telecommunications
Country of Origin: 🇨🇳 China
Suspected Victims: Australia, Cambodia, Hong Kong, Singapore, Vietnam
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs), listed as MITRE ATT&CK technique IDs
- T1204.002 Malicious File
- T1570 Lateral Tool Transfer
- T1091 Replication Through Removable Media
- T1027.002 Software Packing
- T1587.001 Malware
- T1083 File and Directory Discovery
- T1036 Masquerading
- T1588.002 Tool
- T1203 Exploitation for Client Execution
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools (MITRE ATT&CK Software entries)
- Backdoor.Oldrea
- Back Orifice
- Back Orifice 2000
- GraphicBooting
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK. Aoqin Dragon (group entry).
[2] SentinelOne Aoqin Dragon June 2022: Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.