
Chinese hacker group exploits Windows Group Policy to deploy malware

A group of Chinese hackers has taken advantage of Windows Group Policy to release malware into companies.

Windows Group Policy is one of the important tools that enterprise IT administrators use to manage Windows policies across an organization, but this same feature also gives hackers an opening to exploit.

According to a report on the Cyber Security News website, espionage campaigns against government agencies in Southeast Asia, including Thailand, as well as Japan, have been traced to the Chinese-backed hacker group LongNosedGoblin. The research team behind WeLiveSecurity, part of the well-known antivirus developer ESET, has been tracking this group for a long time and found that it has been active since 2023, using malware written in C# on .NET to break into targets' systems with the aim of obtaining information from the victims' machines.

One interesting attack technique is that the group used a feature designed for overseeing system policy on employees' machines, Windows Group Policy, to spread malware to other machines within the organization (lateral movement) and to deliver additional malware through the same channel. It relies on the Active Directory infrastructure that manages the domain to push malware onto machines across the organization while evading malware detection systems at the same time.

The research team found this channel being used to deliver the NosyHistorian malware, which was first detected in 2024 (B.E. 2567), into targeted organizations with the aim of stealing web-browser data. In an investigation of a network attack on a Southeast Asian government organization, several machines on the same network were found infected with it. The evidence of Group Policy abuse came from policy files such as History.ini and Registry.pol, which the hackers forged to pass as genuine files in order to alter the feature's settings.

Besides the malware above, the same channel was found delivering a backdoor called NosyDoor, with the infection chain beginning when the malware is pushed down to the system. It starts by turning the Registry.pol file into a dropper, which decrypts the payload files using the Data Encryption Standard (DES) with a key named UevAppMo. To keep the malware from running on non-target machines, the dropper also implements guardrails.

After confirming that the payload has been correctly delivered on the target machine, the malware establishes persistence by creating a scheduled task that runs UevAppMonitor.exe, a legitimate .NET-based Windows executable copied out of the System32 folder. This lets the attackers turn a program already present on the machine into the malware's host (living off the land) through an AppDomainManager injection: a new AppDomainManager configuration causes the NosyDoor DLL to be loaded.

In the next step, once the malware has received its configuration, it decrypts the received settings (stored under the name log.cached) and uses them to contact Microsoft OneDrive; through RSA-encrypted metadata it retrieves commands from a task file kept in OneDrive to carry out the next stage.
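The forged Registry.pol file in the chain described above is the part a defender can check mechanically: a genuine policy file is nothing but a "PReg" header followed by well-formed entries, so a file in SYSVOL that carries the header yet does not parse cleanly, or has bytes left over after the last entry, is worth pulling for analysis. The Python below is an added example, not code from the ESET report or from this post; it parses the MS-GPREG structure and flags any deviation, and the two sample files (one benign setting, one header followed by opaque bytes) are constructed here for illustration.

```python
import struct

# Registry.pol (MS-GPREG): "PReg" signature, DWORD version 1, then entries of the form
# [key\0;value\0;type;size;data] ('[', ';', ']' are UTF-16LE chars, key/value are
# null-terminated UTF-16LE strings, type/size are little-endian DWORDs).
SIGNATURE, VERSION = b"PReg", 1
LBRACK, SEMI, RBRACK = (c.encode("utf-16-le") for c in "[;]")


class PolError(ValueError):
    """Any structural deviation from the Registry.pol format."""


def _read_wstring(buf, pos):
    # Null-terminated UTF-16LE string at pos; returns (text, next_pos).
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise PolError("unterminated string at offset %d" % pos)
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2


def _expect(buf, pos, token):
    # Consume one delimiter token or fail.
    if buf[pos:pos + len(token)] != token:
        raise PolError("expected %r at offset %d" % (token, pos))
    return pos + len(token)


def parse_registry_pol(buf):
    """Return [(key, value, type, data), ...]; raise PolError on any deviation."""
    if buf[:4] != SIGNATURE or struct.unpack_from("<I", buf, 4)[0] != VERSION:
        raise PolError("bad header %r" % buf[:8])
    pos, entries = 8, []
    while pos < len(buf):  # every byte after the header must belong to an entry
        pos = _expect(buf, pos, LBRACK)
        key, pos = _read_wstring(buf, pos)
        value, pos = _read_wstring(buf, _expect(buf, pos, SEMI))
        pos = _expect(buf, pos, SEMI)
        vtype = struct.unpack_from("<I", buf, pos)[0]
        pos = _expect(buf, pos + 4, SEMI)
        size = struct.unpack_from("<I", buf, pos)[0]
        pos = _expect(buf, pos + 4, SEMI)
        if pos + size > len(buf):
            raise PolError("data size %d overruns file at offset %d" % (size, pos))
        data, pos = buf[pos:pos + size], pos + size
        pos = _expect(buf, pos, RBRACK)
        entries.append((key, value, vtype, data))
    return entries


def build_entry(key, value, vtype, data):
    # Encode one well-formed entry (used only to construct the samples below).
    wz = [s.encode("utf-16-le") + b"\x00\x00" for s in (key, value)]
    return b"".join([LBRACK, wz[0], SEMI, wz[1], SEMI, struct.pack("<I", vtype),
                     SEMI, struct.pack("<I", len(data)), SEMI, data, RBRACK])


def triage(buf):
    """'ok' for a well-formed policy file, else 'suspect: <reason>'."""
    try:
        parse_registry_pol(buf)
    except (PolError, struct.error) as exc:
        return "suspect: %s" % exc
    return "ok"


# Constructed samples (not from the report): one benign REG_DWORD policy setting, and
# a file that keeps the valid header but is followed by opaque, non-policy bytes.
GOOD_POL = SIGNATURE + struct.pack("<I", VERSION) + build_entry(
    "Software\\Policies\\Microsoft\\Windows\\System", "EnableSmartScreen", 4, struct.pack("<I", 1))
FORGED_POL = GOOD_POL + b"\x7f\x11\xa0\x00constructed-opaque-blob"
```

Run `triage` over every Machine\Registry.pol and User\Registry.pol under a domain's SYSVOL share; a "suspect" result does not prove compromise on its own, but a policy file that Group Policy itself could not consume has no legitimate reason to be there.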

# Welcome 2026 # Take care of yourself # Open budget # Includes IT matters # Trending

Edited on 1/7

From my experience following security news and organizational defense practices, tools like Windows Group Policy are among the features organizations rely on most widely to manage system settings in line with company policy, but they also carry a high risk once hackers can take control of them and use them as a channel to release malware. The LongNosedGoblin group's use of Living-off-the-Land techniques lets the malware hide well and makes it hard to detect, because it uses tools and system files that already exist in Windows, such as UevAppMonitor.exe, which allows the malware to establish persistence and keep running without arousing suspicion. The method of spreading malware through a modified Registry.pol file used to release the NosyDoor malware is well crafted and encrypts its data discreetly using standards like RSA and DES, which makes investigating and removing this malware more complicated. Using Microsoft OneDrive to receive commands and control the malware is another strategy that lets the malware communicate smoothly with remote infrastructure while staying safe from the strict detection of defensive systems. Organizations that want to protect themselves should audit Group Policy strictly, bring in behavioral detection systems to help, and install antivirus software and keep Windows up to date. In addition, training employees in cybersecurity and properly organizing system access rights will greatly reduce the risk of being attacked through these weaknesses. Monitoring and analyzing the behavior of malware that hides itself with Living-off-the-Land methods is also essential for IT administrators; if suspicious files or activity are found, they should be alerted on and responded to quickly to prevent spread and growing damage to the organization in the long run.
