
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ID: 0cff7bd4-cd34-5abd-a2a3-252426f154b9

STIX ID: report--0cff7bd4-cd34-5abd-a2a3-252426f154b9

Feed Name: WeLiveSecurity (ESET Research)

Threat Score
88/100

Date Published: 2025-12-18

Date Updated: 2026-05-01

...
...

ESET researchers discovered and analyzed a previously undocumented China-aligned APT group they named LongNosedGoblin, which targeted governmental entities in Southeast Asia and Japan for cyberespionage. The group uses a diverse custom .NET/Go toolset (NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, NosyLogger, ReverseSocks5 and others), moves laterally via Active Directory Group Policy, abuses cloud services (OneDrive, Google Drive/Docs) for C2 and exfiltration, and relies on evasion techniques including AppDomainManager injection and AMSI bypass. The report includes detailed technical analysis, IoCs, and MITRE ATT&CK mappings.
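AppDomainManager injection, one of the evasion techniques the summary names, works because the .NET runtime will load an arbitrary assembly as the AppDomainManager of a trusted executable when told to by the executable's `.exe.config` (`appDomainManagerAssembly` / `appDomainManagerType` elements under `<runtime>`) or by the `APPDOMAIN_MANAGER_ASM` / `APPDOMAIN_MANAGER_TYPE` environment variables. The check below is an added example written for this page, not code from ESET or from the report; the sample config files are constructed, and the file layout it scans (`*.exe.config` beside the binary) is the standard .NET one. It does not reproduce any LongNosedGoblin artifact.

```python
import os
import xml.etree.ElementTree as ET

# Config elements and environment variables that the .NET runtime consults
# to pick an AppDomainManager. Legitimate applications almost never set them;
# an attacker sets them so a signed, trusted .NET binary loads an
# attacker-controlled assembly at startup (the AppDomainManager injection
# technique named in the summary above).
CONFIG_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")
ENV_VARS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")


def config_indicators(config_xml: str) -> list:
    """Return 'element=value' strings for AppDomainManager settings in a config."""
    findings = []
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        # A config that does not parse is itself worth a look, but is not an
        # AppDomainManager indicator; report it separately.
        return [f"unparseable config: {exc}"]
    for runtime in root.iter("runtime"):
        for child in runtime:
            if child.tag in CONFIG_ELEMENTS:
                findings.append(f"{child.tag}={child.get('value')}")
    return findings


def env_indicators(env) -> list:
    """Return 'VAR=value' strings for AppDomainManager environment variables."""
    return [f"{name}={env[name]}" for name in ENV_VARS if name in env]


def scan_directory(path: str) -> dict:
    """Map each *.exe.config under `path` to its AppDomainManager indicators."""
    results = {}
    for dirpath, _dirs, files in os.walk(path):
        for name in files:
            if name.lower().endswith(".exe.config"):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    hits = config_indicators(fh.read())
                if hits:
                    results[full] = hits
    return results


# Constructed sample configs (not taken from any real malware sample).
BENIGN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
  </startup>
  <runtime>
    <gcServer enabled="false"/>
  </runtime>
</configuration>"""

SUSPICIOUS_CONFIG = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="Helper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
    <appDomainManagerType value="Helper.Manager"/>
  </runtime>
</configuration>"""

# Constructed process environment for the same check.
SUSPICIOUS_ENV = {
    "PATH": r"C:\Windows\system32",
    "APPDOMAIN_MANAGER_ASM": "Helper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
    "APPDOMAIN_MANAGER_TYPE": "Helper.Manager",
}


if __name__ == "__main__":
    for label, cfg in (("benign", BENIGN_CONFIG), ("suspicious", SUSPICIOUS_CONFIG)):
        print(label, "config:", config_indicators(cfg) or "no indicators")
    print("environment:", env_indicators(SUSPICIOUS_ENV) or "no indicators")
    # On a live host, scan the current process environment and a program tree:
    print("os.environ:", env_indicators(os.environ) or "no indicators")
```

On an actual investigation, run `scan_directory` over program directories and pair the config hits with the process environment of running .NET executables; a config that names an assembly not shipped by the vendor, or a signed binary whose environment sets `APPDOMAIN_MANAGER_ASM`, is the finding to triage.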
