China's Silver Dragon Razes Governments in EU, SE Asia

Dark Reading
by Elizabeth Montalbano
March 4, 2026
AI-Generated Deep Dive Summary
A newly identified cyber threat group, Silver Dragon, linked to the Chinese APT41 network, has emerged as a sophisticated player in global cyberespionage. Operating since mid-2024, Silver Dragon primarily targets government entities in Southeast Asia and Europe through phishing campaigns, and it abuses legitimate network services for persistence and command-and-control (C2). The group stands out for its ability to blend malicious actions with normal system operations, which makes its activity difficult to detect.

Silver Dragon's tactics involve hijacking existing servers and services to obscure its activities. Initial access is gained through phishing emails containing malicious attachments or links, which deliver payloads such as Cobalt Strike beacons and custom tools including GearDoor, SSHcmd, and SilverScreen. These tools let the group maintain long-term persistence, evade detection, and conduct surveillance by capturing screenshots of user activity. The use of legitimate cloud services such as Google Drive for C2 communication adds a further layer of disguise.

The group's sophistication is evident in its continuous evolution of tactics, including the exploitation of a range of vulnerabilities and the use of file-based C2 communication. This adaptability underscores Silver Dragon's potential to remain a persistent threat. Its targeting of critical government infrastructure and its exploitation of vulnerabilities make it a significant concern for national security and global stability. As cyber threats continue to grow, understanding the operations of groups like Silver Dragon is crucial for developing effective defense strategies.
Originally published on Dark Reading on 3/4/2026