Dragon Breath APT Uses RONINGLOADER for Gh0st RAT Attacks

The Dragon Breath threat actor is using a multi-stage loader called RONINGLOADER to deliver a modified Gh0st RAT. The campaign targets Chinese-speaking users with trojanized installers disguised as legitimate software. The infection chain employs various evasion techniques, including signed drivers and custom WDAC policies, to neutralize popular endpoint security products. The final payload, Gh0st RAT, is designed to communicate with a remote server, execute commands, and capture keystrokes.

Latest mentioned: 11-17

Earliest mentioned: 11-14

Sources

gbhackers.com thehackernews.com

Also Read

Cyber-Attack Exploits Google Find Hub to Wipe Android Data

A new cyber-attack has been discovered exploiting Google’s Find Hub service to remotely wipe data from Android devices. The attack, linked to a long-running APT campaign, involved distributing malicious files disguised as stress-relief programs through a popular messenger. Attackers impersonated psychological counselors and human rights activists to gain trust. Once executed, the infected files obtained Google account credentials and triggered the Find Hub remote-wipe function, deleting all data on targeted smartphones and tablets. This marks the first confirmed case of a state-sponsored group abusing Google’s device management feature for destructive operations.

11-12Read more →