{"id":219666,"date":"2026-03-04T03:14:00","date_gmt":"2026-03-04T08:14:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/04\/apt41-linked-silver-dragon-targets-governments-using-cobalt-strike-and-google-drive-c2\/"},"modified":"2026-03-04T05:05:11","modified_gmt":"2026-03-04T10:05:11","slug":"apt41-linked-silver-dragon-targets-governments-using-cobalt-strike-and-google-drive-c2","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/04\/apt41-linked-silver-dragon-targets-governments-using-cobalt-strike-and-google-drive-c2\/","title":{"rendered":"APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/apt41-linked-silver-dragon-targets.html\">APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/apt41-linked-silver-dragon-targets.html\">https:\/\/thehackernews.com\/2026\/03\/apt41-linked-silver-dragon-targets.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-04 03:14:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span><span class=\"author\">Mar 04, 2026<\/span><\/span><span class=\"p-tags\">Malware \/ Windows Security<\/span><\/p>\n<p>Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed <strong>Silver Dragon<\/strong> that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.<\/p>\n<p>&#8220;Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,&#8221; Check Point said in a technical report. 
&#8220;To maintain persistence, the group hijacks legitimate Windows services, which allows the malware processes to blend into normal system activity.&#8221;<\/p>\n<p>Silver Dragon is assessed to be operating within the APT41 umbrella. APT41 is the cryptonym assigned to a prolific Chinese hacking group known for its targeting of healthcare, telecoms, high-tech, education, travel services, and media sectors for cyber espionage as early as 2012. It&#8217;s also believed to engage in financially motivated activity potentially outside of state control.<\/p>\n<p>Attacks mounted by Silver Dragon have been found to primarily single out government entities, with the adversary using Cobalt Strike beacons for persistence on compromised hosts. It&#8217;s also known to employ techniques like DNS tunneling for command-and-control (C2) communication to bypass detection.<\/p>\n<p>Check Point said it identified three different infection chains to deliver Cobalt Strike: AppDomain hijacking, service DLL, and email-based phishing.<\/p>\n<p>&#8220;The first two infection chains, AppDomain hijacking and Service DLL, show clear operational overlap,&#8221; the cybersecurity company said. &#8220;They are both delivered via compressed archives, suggesting their use in post\u2011exploitation scenarios. 
In several cases, these chains were deployed following the compromise of publicly exposed vulnerable servers.&#8221;<\/p>\n<p>The two chains make use of a RAR archive containing a batch script, with the first chain using it to drop MonikerLoader, a .NET-based loader responsible for decrypting and executing a&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/apt41-linked-silver-dragon-targets.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 https:\/\/thehackernews.com\/2026\/03\/apt41-linked-silver-dragon-targets.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219667,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhGPaqQJe-7ak-qgx29_h6G7zUiJhGiBSHZEiydrRzZzuKVlVMBzrJNLFndAvmu15EzX2SXQ8NUHKyH9ZJDQRQMnXukmrUfdPor35gswSxUuTNGGXo7h8eOhDNBVAaCGEo_ohNYv2-8W-zpOuSSHYqCB5iURwesotjNTK9a3926UdkuqI2uz-zUBMzNP5cU\/s1600\/dragon.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,25],"class_list":["post-219666","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219666"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219666"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219666\/re
visions"}],"predecessor-version":[{"id":219668,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219666\/revisions\/219668"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/219667"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=219666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}