Operation LongFang

Type

Campaign

Actors

❓Unknown

Pub. date

January 24, 2025

Initial access

1-day vulnerability

Impact

Data exfiltration

Observed techniques

Vulnerability exploitation Process injection Webshell deployment Public exposure abuse

Observed tools

Cobalt Strike Mimikatz

References

https://medium.com/@gunthertrigger/operation-longfang-attribution-and-analysis-of-a-chinese-cyber-espionage-campaign-9716da62b924

Status

Finalized

Last edited

Mar 19, 2025 12:08 PM

Operation LongFang is a cyber-espionage campaign, attributed to a Chinese threat actor, targeting Latin American government entities. First detected in December 2024, it has been active for at least two years. The campaign's initial access was achieved by exploiting vulnerabilities in web applications, followed by the deployment of Cobalt Strike for command and control (C2). The attackers demonstrated a high level of persistence and technical sophistication, leveraging recently patched vulnerabilities, evasion tactics, and privilege escalation techniques. Their primary goal appeared to be the exfiltration of sensitive government data, including strategic plans and infrastructure blueprints. The operation also involved extensive reconnaissance, credential harvesting, and lateral movement within compromised networks