Silver Dragon Targets Organizations in Southeast Asia and Europe
· Published 03/03/2026 20:03 · Modified 04/03/2026 11:17
Essential information
- Published: 03/03/2026 20:03
- Modified: 04/03/2026 11:17
- Tags: 2026-03-03, apt, chinese, cobalt strike, dns tunneling, geardoor, government, silverscreen, southeast asia, sshcmd
- Related entities: 31 observables, 1 intrusion set (APT), 20 techniques (MITRE), 4 malware, 16 others
Description
Check Point Research has identified a Chinese-nexus advanced persistent threat group named Silver Dragon, targeting organizations in Southeast Asia and Europe since mid-2024. The group, likely operating under APT41, exploits public-facing servers and uses phishing emails for initial access. They deploy custom tools including GearDoor, a backdoor using Google Drive for command and control, SSHcmd for remote access, and SilverScreen for covert screen monitoring. Silver Dragon primarily focuses on government entities, utilizing Cobalt Strike beacons and DNS tunneling for communication. The group's sophisticated tactics and evolving toolkit demonstrate a well-resourced and adaptable threat actor.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (31)
Intrusion sets (APT) (1)
- (intrusion set name not rendered on this page) · Source: AlienVault · Confidence 100 · Published 04/03/2026 12:15 · Modified 04/03/2026 12:15
Techniques (MITRE) (20)
- Process Discovery
- SSH
- Match Legitimate Resource Name or Location
- Valid Accounts
- Process Injection
- Scheduled Task/Job
- PowerShell
- Protocol or Service Impersonation
- System Network Configuration Discovery
- Windows Command Shell
- Ingress Tool Transfer
- Bidirectional Communication
- Standard Encoding
- System Owner/User Discovery
- Masquerade Task or Service
- DNS
- File and Directory Discovery
- Screen Capture
- System Information Discovery
- System Network Connections Discovery
Malware (4)
- Malware family (name not rendered on this page) · Published 03/03/2026 20:03 · Modified 03/03/2026 20:03
- Malware entry (name not rendered on this page) · Source: AlienVault · Confidence 100 · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
- Malware family (name not rendered on this page) · Published 03/03/2026 20:03 · Modified 03/03/2026 20:03
- Malware family (name not rendered on this page) · Published 03/03/2026 20:03 · Modified 03/03/2026 20:03
Others (16)
- Government