Operation DRAGONCLONE: Chinese Telecom Targeted by Malware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A sophisticated cyber campaign targeting China Mobile Tietong Co., Ltd., a subsidiary of China Mobile, has been uncovered. The operation, dubbed DRAGONCLONE, uses the VELETRIX and VShell malware to infiltrate systems. The attack chain begins with a malicious ZIP file containing executables and DLLs that abuses Wondershare Repairit software through DLL sideloading. VELETRIX, a loader, employs anti-analysis techniques and IPFuscation to decode and execute VShell, a cross-platform offensive security tool (OST) framework. The campaign's infrastructure overlaps with that of known China-nexus threat actors such as UNC5174 and Earth Lamia. The attackers use a range of tools, including Cobalt Strike, SuperShell, and Asset Lighthouse System, for reconnaissance and post-exploitation activity.
OPENCTI LABELS :
cobalt strike, cve-2024-1709, unc5174, dll sideloading, supershell, china-nexus, cve-2025-31324, veletrix, earth lamia, asset lighthouse system