
  • China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware



    Dec 18, 2025 | Ravie Lakshmanan | Malware / Cloud Security

    A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan.

    The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023.

    “LongNosedGoblin uses Group Policy to deploy malware across the compromised network, and cloud services (e.g., Microsoft OneDrive and Google Drive) as command and control (C&C) servers,” security researchers Anton Cherepanov and Peter Strýček said.

    Group Policy is a mechanism for managing settings and permissions on Windows machines. According to Microsoft, Group Policy can be used to define configurations for groups of users and client computers, as well as manage server computers.


    The attacks are characterized by the use of a varied custom toolset that mainly consists of C#/.NET applications –

    • NosyHistorian, to collect browser history from Google Chrome, Microsoft Edge, and Mozilla Firefox
    • NosyDoor, a backdoor that uses Microsoft OneDrive as C&C and executes commands that allow it to exfiltrate files, delete files, and execute shell commands
    • NosyStealer, to exfiltrate browser data from Google Chrome and Microsoft Edge to Google Drive in the form of an encrypted TAR archive
    • NosyDownloader, to download and run a payload in memory, such as NosyLogger
    • NosyLogger, a modified version of DuckSharp that’s used to log keystrokes

    Figure: NosyDoor execution chain

    ESET said it first detected activity associated with the hacking group in February 2024 on a system of a governmental entity in Southeast Asia, eventually finding that Group Policy was used to deliver the malware to multiple systems from the same organization. The exact initial access methods used in the attacks are presently unknown.

    Further analysis has determined that while many victims were affected by NosyHistorian between January and March 2024, only a subset of these victims were infected with NosyDoor, indicating a more targeted approach. In some cases, the dropper used to deploy the backdoor using AppDomainManager injection has been found to contain “execution guardrails” that are designed to limit operation to specific victims’ machines.

    Also employed by LongNosedGoblin are other tools like a reverse SOCKS5 proxy, a utility that’s used to run a video recorder to capture audio and video, and a Cobalt Strike loader.


    The cybersecurity company noted that the threat actor’s tradecraft shares tenuous overlaps with clusters tracked as ToddyCat and Erudite Mogwai, but emphasized the lack of definitive evidence linking them together. That said, the similarities between NosyDoor and LuckyStrike Agent and the presence of the phrase “Paid Version” in the PDB path of LuckyStrike Agent have raised the possibility that the malware may be sold or licensed to other threat actors.

    “We later identified another instance of a NosyDoor variant targeting an organization in an E.U. country, once again employing different TTPs, and using the Yandex Disk cloud service as a C&C server,” the researchers noted. “The use of this NosyDoor variant suggests that the malware may be shared among multiple China-aligned threat groups.”




  • Trump Media to merge with fusion energy firm in $6bn deal



    The firm behind President Donald Trump’s Truth Social platform is merging with a Google-backed energy company in a deal valued at more than $6bn (£4.4bn).

    Trump Media & Technology Group (TMTG) and TAE Technologies announced the plans on Thursday in a joint statement, which said the move would “create one of the world’s first publicly traded fusion companies”.

    Fusion power is a method of generating energy from heat released by nuclear fusion reactions. It could release vast amounts of energy with little associated radioactivity.

    The statement said the combined company planned to begin constructing the “world’s first utility-scale fusion power plant” next year, with further plants to follow.

    Under the merger both firms will have an equal 50% share in ownership after the deal is completed, which is expected by mid-2026 pending regulatory and shareholder approvals.

    The combined company will have a nine-member board including Trump Media’s current chief executive Devin Nunes, who will be co-chief executive of the new firm, and the president’s son Donald Trump Jr.

    TAE Technologies provides technology for energy storage and power delivery systems for batteries and electric vehicles. Its umbrella organisation, TAE Life Sciences, develops technologies and drugs for treating cancer patients.

    The tie-up with the firm signals a bold and surprising shift for Trump Media, as it moves from social media and financial offerings into the energy sector.

    Mr Nunes said his firm was “taking a big step forward toward a revolutionary technology that will cement America’s global energy dominance for generations”.

    Calling fusion power the “most dramatic energy breakthrough” since the 1950s, he said Trump Media would bring “the capital and public market access” to help make TAE’s technology commercially viable.

    As part of the agreement, Trump Media is to provide up to $200m (£149m) of cash to TAE Technologies when completion of the deal is signed. An additional $100m (£74.7m) will be available once the transaction has been registered.

    Surging electricity demand for AI data centers has revived interest in cleaner and reliable nuclear power, including restarting shuttered reactors, expanding existing ones and signing contracts for future small modular reactors.

    The joint statement said TAE Technologies had raised more than $1.3bn of funding from other investors including Google and Goldman Sachs.

    Trump Media, which mainly generates revenue from advertising on the Truth Social platform, has consistently clocked losses since it began. It posted a decline in revenue and a loss of $54.8m (£40.9m) in the third quarter ending September.




  • Zelensky gives stark warning as EU leaders hold crunch talks on Russia’s frozen assets



    Paul Kirby, Europe digital editor


    Ukraine’s president has warned Europe’s leaders that an agreement has to be reached by the end of the year

    Volodymyr Zelensky has called on EU leaders at a crunch summit urgently to agree to a multi-billion euro loan in frozen Russian money to fund Ukraine’s military and economic needs.

    Ukraine is months from running out of cash and Zelensky said without an injection by spring Ukraine “will have to reduce production of drones”.

    Most of Russia’s €210bn (£185bn; $245bn) worth of assets in the EU are held by Belgium-based organisation Euroclear. Until now Belgium and some other member states have said they are opposed to using the cash as a “reparations loan”.

    Russia has warned EU leaders not to use its money, but Polish Prime Minister Donald Tusk said they had to “rise to this occasion”.

    The Brussels summit comes at a pivotal moment in the war and Russia has filed a lawsuit against Euroclear in a Moscow court in a bid to get its money back.

    Zelensky said Ukraine was definitely facing a 45-50bn [euro] deficit next year, and European Commission chief Ursula von der Leyen vowed “we will not leave the summit without a solution”. One European government official described being “cautiously optimistic, not overly optimistic” that a deal would be agreed.

    All eyes are on Belgian Prime Minister Bart De Wever, who told the Belgian parliament on Thursday that if everything was nailed down and shared by the rest of the EU, “then we’ll jump into the abyss together with the rest of the Europeans and hope the parachute holds us”.


    Meanwhile, US President Donald Trump has said a deal is closer than ever to end the war – which began with Russia’s full-scale invasion of Ukraine in February 2022.

    US and Russian officials are due to meet in Miami this weekend for further talks on a peace plan, a White House official has told AFP news agency. It is thought Kremlin envoy Kirill Dmitriev will talk to Trump envoys Steve Witkoff and Jared Kushner in Miami.

    Ukrainian officials are also heading to the US, and President Zelensky, who is in Brussels, said Kyiv needed the money, either to support its army if the war continued, or to direct the funding entirely for recovery: “It’s moral, it’s fair and it’s legal, confirmed by the expertise of many, many professionals.”

    Russia has not yet responded to the latest peace proposals, but the Kremlin has stressed that plans for a European-led multinational force for Ukraine supported by the US would not be acceptable.

    President Vladimir Putin made his feelings towards Europe clear on Wednesday, when he said the continent was in a state of “total degradation” and that “European piglets” – a derogatory description of Ukraine’s European allies – were hoping to profit from Russia’s collapse.


    Those in favour of loaning Ukraine the money believe it will help deter Putin from continuing the war

    The European Commission – the EU’s executive arm – has proposed loaning Kyiv about €90bn (£79bn) over the next two years – out of the €210bn of Russian assets sitting in Europe.

    That is about two-thirds of the €137bn that Kyiv is thought to need to get through 2026 and 2027.

    Until now the EU has handed Ukraine the interest generated by the cash but not the cash itself.

    “This is a crunch time for Ukraine to keep fighting for the next year,” a Finnish government official told the BBC. “There are of course peace negotiations but this gives Ukraine leverage to say ‘we’re not desperate and we have the funds to continue fighting’.”

    The head of the European Commission says it will also ramp up the cost of war for Russia.

    Russia’s frozen assets are not the only option on the table for EU leaders. Another idea, backed by Belgium, is based on the EU borrowing the money on the international markets, using the EU budget as a guarantee.

    However, that would require a unanimous vote and Hungary’s Viktor Orban has made it clear he will not allow any more EU money to help Ukraine.

    For Ukraine, the hours ahead are significant and EU leaders have been keen to stress the momentous nature of the loan decision.

    “We know the urgency. It is acute. We all feel it. We all see it,” Ursula von der Leyen told the European Parliament.


    Ursula von der Leyen told the European Parliament that two choices were on the table for EU leaders

    German Chancellor Friedrich Merz has played a leading role in pushing for the Russian assets to be used, telling the Bundestag on the eve of the summit it was about sending a “clear signal” to Moscow that continuing the war was pointless.

    EU officials are confident they have a sound legal basis to use the frozen Russian assets, but so far the Belgian prime minister remains unconvinced.

    Hungary is seen as the biggest opponent of the move and, ahead of the summit, Prime Minister Orban and his entourage even suggested that the frozen assets plan had been removed from the summit agenda. A European Commission official stressed that was not the case and it would be a matter for the 27 member states at the summit.

    Slovakia’s Robert Fico has also opposed using the Russian assets, if it means the money being used to procure weapons rather than for reconstruction needs.

    When the pivotal vote does finally take place, it will require a majority of at least 15 member states making up 65% of Europe’s population to go through. Whatever happens, European Council President António Costa has promised not to go over the heads of the Belgians.

    “We’re not going to vote against Belgium,” he told Belgian public broadcaster RTBF. “We’ll continue to work very intensively with the Belgian government because we don’t want to approve something that might not be acceptable for Belgium.”

    Belgium will also be aware that ratings agency Fitch has placed Euroclear on a negative watch, partly because of “low” legal risks to its balance sheet from the European Commission’s plans to use the Russian assets. Euroclear’s chief executive has also warned against the plan.

    “We have to find a way to respond to Belgium’s worries,” the Finnish official added. “We are on the same side as Belgium. We will find a solution together to make sure all the risks are checked as much as they can be checked.”

    However, Belgium is not the only country to have doubts, and a majority is not guaranteed.

    Italian Prime Minister Giorgia Meloni has told Italian MPs she will endorse the deal “if the legal basis is solid”.

    “If the legal basis for this initiative were not solid, we would be handing Russia its first real victory since the beginning of this conflict.”

    Malta, Bulgaria and the Czech Republic are also said to be unconvinced by the controversial proposals.

    If the deal is passed and the Russian assets are given to Ukraine, the worst-case scenario for Belgium would be one in which a court would order it to hand the money back to Russia.

    Some countries have said they would be prepared to provide billions of euros in financial guarantees, but Belgium will want to see the numbers add up.

    At any rate, Commission officials are confident that the only way for Russia to get it back would be by paying reparations to Ukraine – at which point Ukraine would hand its “reparations loan” back to the EU.


