www.darkreading.com 3/4/2026, 1:06:34 PM

Silver Dragon APT uses phishing to hijack Windows services

Threat actor: Silver Dragon

China’s Silver Dragon has emerged as a significant cyber-espionage actor, operating since at least mid-2024 and targeting government entities in Southeast Asia and Europe, according to Check Point. The group, described as a spinoff of APT41, uses phishing campaigns to gain initial access and then hijacks legitimate Windows services to maintain persistence and blend its activity with normal system use.

It relies on existing servers and services, delivers malware via ZIP archives and LNK attachments, and has used a GearDoor backdoor with Google Drive as its C2 channel, alongside other tools such as SSHcmd and SilverScreen. Check Point linked Silver Dragon to APT41 through strong tradecraft similarities, noting its capability to adapt tooling and employ diverse vulnerability exploits across campaigns.

Organisations, particularly in the public sector, are urged to patch Internet-facing systems, monitor Windows service configurations for unauthorized changes, and watch for IoCs disclosed in Check Point’s report.
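
One way to monitor Windows service configurations for unauthorized changes is to save a baseline and compare later snapshots against it. The script below is an added example, not code from Check Point or the article; the function names and the choice of tracked registry values (`ImagePath`, `ServiceDll`, `Start`, `ObjectName`) are assumptions, since the summary does not say which settings the group alters.

```python
import json, sys

# Registry values tracked per service (the choice of fields is this example's assumption).
FIELDS = ("ImagePath", "ServiceDll", "Start", "ObjectName")

def snapshot():
    """Read tracked values per service (Windows only); ServiceDll sits under Parameters."""
    import winreg
    snap = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as services:
        for i in range(winreg.QueryInfoKey(services)[0]):
            name, cfg = winreg.EnumKey(services, i), {}
            for field in FIELDS:
                sub = name + ("\\Parameters" if field == "ServiceDll" else "")
                try:
                    with winreg.OpenKey(services, sub) as key:
                        cfg[field] = winreg.QueryValueEx(key, field)[0]
                except OSError:
                    pass  # value or subkey absent, or access denied
            if "ImagePath" in cfg or "ServiceDll" in cfg:
                snap[name] = cfg
    return snap

def _norm(value):  # Windows paths are case-insensitive, so compare case-folded
    return value.casefold() if isinstance(value, str) else value

def diff(baseline, current):
    """Return (service, field, old, new) for every difference from the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None or new is None:
            findings.append((name, "added" if old is None else "removed", old, new))
        else:
            findings += [(name, f, old.get(f), new.get(f)) for f in FIELDS
                         if _norm(old.get(f)) != _norm(new.get(f))]
    return findings

if __name__ == "__main__":  # usage: <script> save|check baseline.json
    mode, path = sys.argv[1:3]
    if mode == "save":
        with open(path, "w") as fh:
            json.dump(snapshot(), fh, indent=1)
    else:
        with open(path) as fh:
            changes = diff(json.load(fh), snapshot())
        for change in changes:
            print("CHANGED", *change)
        sys.exit(1 if changes else 0)
```

Run `save` on a known-good host, then schedule `check`; a non-zero exit code means at least one service was added, removed or reconfigured since the baseline and should be reviewed against change records.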


Article by CyberSIXT