216.73.217.139

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

· Published 03/01/2026 11:05 · Modified 05/01/2026 11:39

Export JSON

Essential information

Published
03/01/2026 11:05
Modified
05/01/2026 11:39
Tags
2026-01-03 apt backdoor browser data china cloud services cyberespionage group policy japan nosydoor nosydownloader nosyhistorian nosylogger nosystealer reversesocks5 southeast asia
Related entities
10 observables, 1 intrusion sets (apt), 6 malware, 4 others

Description

ESET researchers have uncovered a new -aligned group named LongNosedGoblin targeting governmental entities in and for . The group employs a varied custom toolset of C#/.NET applications and abuses for lateral movement. Key tools include for collecting browser history, using as C&C, and for exfiltrating . The attackers also utilize techniques like AppDomainManager injection and AMSI bypassing. LongNosedGoblin has been active since at least September 2023, showing ongoing campaigns throughout 2024 and 2025. The research provides detailed analysis of the group's malware and tactics, including potential sharing of the among multiple -aligned actors.

External references