Chinese hackers hide malware within Windows and Google Drive to hit government targets

News | By Sead Fadilpašić, published 5 March 2026

An APT41 spinoff is spying on targets across Europe and Asia

Flag of the People's Republic of China overlaid with a technological network of wires and circuits. (Image credit: Shutterstock)
  • Chinese state-backed group Silver Dragon targets governments
  • Attackers abuse Google Cloud and Windows services for stealth
  • Custom backdoor GearDoor enables covert data exfiltration

Chinese state-sponsored threat actors have been seen abusing legitimate Windows and Google Cloud services to hide their tracks as they spy on their targets across Southeast Asia and Europe.

A new report by Check Point Research (CPR) reveals how a group dubbed Silver Dragon has been active since at least mid-2024, targeting government entities in European countries such as Russia, Poland, Hungary, and Italy - but also Japan, Myanmar, and Malaysia.

Silver Dragon appears to be part of APT41, an infamous state-sponsored actor that engages mostly in cyber-espionage.

Leveraging regular "noise"

The attacks usually start with a phishing email that impersonates official communications and carries weaponized documents or links. Alternatively, the group compromises internet-exposed systems, then pivots from those servers deeper into internal networks to deploy additional tools.

At the heart of the campaign is a custom backdoor called GearDoor which, instead of the usual attacker-run server, uses Google Drive as its command-and-control (C2) infrastructure. Every infected machine creates its own folder in a Google Cloud account dedicated to the campaign, uploads periodic heartbeat data, and retrieves operator commands disguised as regular files.

All stolen intelligence is exfiltrated into that same location.
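Because the C2 channel is a legitimate cloud service, the observable left on the network is the heartbeat itself: each infected host contacts Google Drive endpoints at a near-constant interval. The script below is an added example written for this article (it is not code from Check Point Research or TechRadar) that scores per-host connections to Drive endpoints by the regularity of their inter-arrival gaps; the proxy log lines, host names and the endpoint list are constructed for illustration. Legitimate Drive sync clients also poll on a schedule, so a low score is a triage lead to correlate with the service-hijacking indicators above, not a verdict on its own.

```python
"""Flag hosts whose connections to Google Drive endpoints arrive at near-constant
intervals, the pattern a periodic C2 heartbeat leaves in proxy logs.
Added example; not the vendor's or the researchers' code. Log format, host
names and the endpoint list are constructed assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: destinations that a Drive-based channel would touch.
DRIVE_ENDPOINTS = {"www.googleapis.com", "drive.google.com"}

# Constructed proxy log: "<iso-timestamp> <source-host> <destination-host> <bytes>"
SAMPLE_PROXY_LOG = [
    "2026-03-01T09:00:00Z GOV-WS01 www.googleapis.com 812",
    "2026-03-01T09:02:10Z GOV-WS05 drive.google.com 40311",
    "2026-03-01T09:03:10Z GOV-WS05 drive.google.com 1207",
    "2026-03-01T09:05:00Z GOV-WS01 www.googleapis.com 790",
    "2026-03-01T09:10:00Z GOV-WS01 www.googleapis.com 801",
    "2026-03-01T09:15:00Z GOV-WS01 www.googleapis.com 795",
    "2026-03-01T09:18:10Z GOV-WS05 drive.google.com 220944",
    "2026-03-01T09:18:40Z GOV-WS05 drive.google.com 513",
    "2026-03-01T09:20:00Z GOV-WS01 www.googleapis.com 808",
    "2026-03-01T09:21:00Z GOV-WS07 updates.example.net 3021",
]


def parse_proxy_line(line):
    """Split one constructed log line into (timestamp, src, dst, bytes)."""
    ts, src, dst, nbytes = line.split()
    # Replace the trailing Z so fromisoformat accepts it on older Pythons.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst, int(nbytes)


def beacon_score(timestamps):
    """Return (mean gap in seconds, coefficient of variation of the gaps).

    A coefficient of variation near 0 means the gaps are almost identical,
    i.e. machine-timed. Needs at least four observations to mean anything."""
    if len(timestamps) < 4:
        return None
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    if avg == 0:
        return avg, float("inf")
    return avg, pstdev(gaps) / avg


def find_beacons(lines, max_cv=0.2):
    """Map source host -> (mean gap, cv) for hosts whose Drive traffic is regular."""
    per_host = defaultdict(list)
    for line in lines:
        ts, src, dst, _ = parse_proxy_line(line)
        if dst in DRIVE_ENDPOINTS:
            per_host[src].append(ts)
    flagged = {}
    for host, stamps in per_host.items():
        score = beacon_score(stamps)
        if score is not None and score[1] <= max_cv:
            flagged[host] = score
    return flagged


if __name__ == "__main__":
    for host, (gap, cv) in find_beacons(SAMPLE_PROXY_LOG).items():
        print(f"{host}: Drive contact every {gap:.0f}s (cv={cv:.2f})")
```

In the constructed sample, GOV-WS01 contacts the API every 300 seconds with zero jitter and is flagged; GOV-WS05 uses Drive in bursts typical of a person uploading files and is not; GOV-WS07 never touches Drive. Tune `max_cv` upward if the tooling you are hunting adds deliberate jitter, and pair the result with the volume column to separate tiny heartbeats from bulk exfiltration uploads to the same folder.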

Silver Dragon was also seen hijacking legitimate Windows services, stopping and recreating them so that malicious code loads under trusted names. These include Windows Update, Bluetooth, and .NET Framework utilities.

By blending into normal system activity, the attackers are able to persist for longer on a system, without being spotted by defenders. CPR says the tactic works extremely well in large environments “where system services generate routine noise.”

The hackers also deploy a wide range of post-exploitation tools, such as SSHcmd and Cobalt Strike. The former is a lightweight SSH utility that enables remote command execution and file transfer, while Cobalt Strike is a pentesting tool commonly abused by threat actors.

“Rather than relying solely on bespoke infrastructure, state-aligned actors increasingly embed themselves within legitimate enterprise systems and trusted cloud services. This reduces visibility for traditional perimeter defenses and extends dwell time inside targeted networks,” CPR concluded.

“For executive leadership, the implication is clear: exposure is no longer limited to obvious malware or suspicious external connections. Risk now includes subtle abuse of legitimate services, cloud platforms, and core operating system components.”

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
