Operation LongFang is a cyber-espionage campaign, attributed to a Chinese threat actor, targeting Latin American government entities. First detected in December 2024, it has been active for at least two years. The campaign's initial access was achieved by exploiting vulnerabilities in web applications, followed by the deployment of Cobalt Strike for command and control (C2). The attackers demonstrated a high level of persistence and technical sophistication, leveraging recently patched vulnerabilities, evasion tactics, and privilege escalation techniques. Their primary goal appeared to be the exfiltration of sensitive government data, including strategic plans and infrastructure blueprints. The operation also involved extensive reconnaissance, credential harvesting, and lateral movement within compromised networks
Type
Campaign
Actors
Unknown
Pub. date
January 24, 2025
Initial access
1-day vulnerability
Impact
Data exfiltration
Observed techniques
Vulnerability exploitationProcess injectionWebshell deploymentPublic exposure abuse
Observed tools
Cobalt StrikeMimikatz
References
https://medium.com/@gunthertrigger/operation-longfang-attribution-and-analysis-of-a-chinese-cyber-espionage-campaign-9716da62b924
Status
Finalized
Last edited
Mar 19, 2025 12:08 PM