Critical

Chinese APT ‘LongNosedGoblin’ Targeting Asian Governments

SecurityWeek
Actively Exploited

Overview

The hacking group known as LongNosedGoblin has been targeting Asian governments by deploying cyberespionage tools on their networks using Group Policy. This method allows them to effectively infiltrate and operate within government systems, raising concerns about national security and data integrity. Researchers have identified this group as a persistent threat, which could compromise sensitive information and disrupt governmental operations. The implications are significant, as such attacks could weaken trust in governmental digital infrastructures and potentially expose critical data to adversaries. As this activity continues, it emphasizes the need for robust cybersecurity measures in governmental organizations to protect against such sophisticated attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Asian government networks
  • Action Required: Strengthening cybersecurity protocols, monitoring for unusual network activity, and implementing strict access controls are recommended measures.
  • Timeline: Ongoing since recent months

Original Article Summary

The hacking group has been using Group Policy to deploy cyberespionage tools on governmental networks. The post Chinese APT ‘LongNosedGoblin’ Targeting Asian Governments appeared first on SecurityWeek.

Impact

Asian government networks

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent months

Remediation

Strengthening cybersecurity protocols, monitoring for unusual network activity, and implementing strict access controls are recommended measures.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to APT, Critical.

Related Coverage

Dutch police bust investment fraud ring stealing over €100 million

BleepingComputer

Dutch police have arrested several individuals connected to an international investment fraud scheme that has reportedly defrauded over €100 million from tens of thousands of victims. The suspects are believed to have lured investors with promises of high returns, often targeting individuals through online platforms. This crackdown is part of a larger effort to combat financial fraud, which has been on the rise, particularly with the increase in online investment opportunities. The police are now investigating the full extent of the operation and are urging anyone who thinks they might have been a victim to come forward. The implications of this fraud ring are significant, as it not only affects individual investors but also undermines trust in legitimate investment practices.

Jul 15, 2026

Forgotten Bootloaders Expose Secure Boot Blind Spot

darkreading

Researchers have discovered that nearly a dozen UEFI shim bootloaders, which were deemed vulnerable and subsequently revoked, remained trusted for years. This oversight allowed attackers an opportunity to bypass the Secure Boot feature designed to protect systems from unauthorized software. The situation raises significant security concerns, particularly for users and organizations relying on Secure Boot to safeguard their devices. The affected bootloaders could have been exploited to run malicious code, potentially compromising the integrity of the systems. As this issue has persisted for some time, it highlights the need for better management of trusted software components in the boot process.

Jul 15, 2026

Europe built the world's strongest privacy law. WhatsApp just found the gap it doesn't cover.

SCM feed for Latest

A recent discussion around WhatsApp's use of usernames has raised concerns about privacy and identity verification. While usernames can enhance user privacy by allowing individuals to avoid sharing phone numbers, they also create a loophole that could be exploited for fraud. This change in how users identify themselves on the platform could make it easier for scammers to impersonate others, leading to increased risks for users. As WhatsApp continues to navigate these privacy features, the balance between protecting user identity and ensuring security is becoming more complicated. This situation is particularly relevant given the strong privacy laws in Europe that WhatsApp must comply with.

Jul 15, 2026

CISA warns that three SharePoint Server bugs are actively exploited

SCM feed for Latest

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about three vulnerabilities in SharePoint Server that are currently being exploited by attackers. Federal agencies have until July 17 to apply patches to mitigate the risks associated with these flaws. The vulnerabilities could allow unauthorized access and manipulation of sensitive data, posing a significant threat to organizations using these systems. It's crucial for users of SharePoint Server to take immediate action to protect their environments from potential breaches. Ignoring these vulnerabilities could lead to serious security incidents and data loss.

Jul 15, 2026

SonicWall customers under threat as attackers exploit 2 zero-days

CyberScoop

SonicWall customers are currently facing significant risks as attackers exploit two critical zero-day vulnerabilities. Researchers revealed that these flaws were actively targeted by hackers three weeks prior to SonicWall's disclosure and patching efforts. This means that many users may still be vulnerable to attacks if they haven't updated their systems. The exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and compromise network security. It's crucial for organizations using SonicWall products to take immediate action to secure their systems against these threats.

Jul 15, 2026

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

The Hacker News

Cybersecurity researchers have identified a new Internet-of-Things (IoT) botnet framework called TuxBot v3 Evolution. This botnet appears to have been developed with some assistance from a large language model (LLM), although the results have not been entirely successful. Notably, when the developers prompted the AI to generate botnet code, it included a safety disclaimer that the developers did not remove. This incident raises concerns about the potential misuse of AI in creating malicious software. As IoT devices become more prevalent, any vulnerabilities or botnets that target them could impact a wide range of users and systems, making it crucial for manufacturers and users to enhance their security measures.

Jul 15, 2026