Spring Dragon

  • First known sample

    2012
  • Discovery

    2017
  • Current status

    Active
  • Type

    Cyberespionage toolkit
  • Top targeted countries

    Hong Kong, Indonesia, Malaysia, Philippines, Taiwan, Thailand, Vietnam
  • Propagation method

    Social engineering, watering hole attacks
  • Purpose/Functions

    Cyberespionage
  • Targets

    Academia/Research, Government entities, Politicians, Telecoms
  • Artefacts/Attribution
    More than 40% of all the C2 servers used for Spring Dragon’s operations are located in Hong Kong, which hints at the geographical region (Asia) of the attackers and/or their targets. The next most popular countries are the US, Germany, China and Japan.
  • Description

    An APT group dating back to 2012 that uses spear-phishing and watering-hole attacks to target high-profile government agencies, political parties, educational institutions and telecommunication organizations, traditionally around the South China Sea. Most of the malicious tools implemented by Spring Dragon over the years are backdoors designed to steal data, execute additional malware components, and run system commands on victims’ computers.
