Operation Dragon Breath (APT-Q-27): Dimensional Reduction Attack Against the Gambling Industry

Nov. 5, 2025, 9:49 p.m.

Description

A threat group known as Golden Eye Dog (APT-Q-27) has been targeting individuals involved in gambling and related activities in Southeast Asia, as well as overseas Chinese communities. The group's operations include remote control, cryptocurrency mining, DDoS attacks, and traffic-related activities. Its malware samples, which have strong anti-detection capabilities and use highly targeted lures, are primarily distributed through Telegram groups. The article describes new watering hole activity by the group, including the use of modified MSI installers for popular messaging apps like Telegram. The group has evolved its tactics since previous reports, making its operations more covert and difficult to detect. The analysis reveals the group's use of various programming languages and sophisticated techniques, suggesting it may be part of a larger, more advanced organization called Miuuti Group.

Date

  • Created: Nov. 5, 2025, 12:36 p.m.
  • Published: Nov. 5, 2025, 12:36 p.m.
  • Modified: Nov. 5, 2025, 9:49 p.m.

Attack Patterns

Additional Information

  • Finance