Silver Dragon: Chinese-Nexus Cyber Espionage Group Targeting Governments in Asia and Europe

Check Point Research has identified and tracked a cyber espionage campaign targeting government organizations across Southeast Asia and parts of Europe. We designate this activity cluster as Silver Dragon, which has been active since at least mid-2024.

The campaign combines server exploitation, phishing, custom malware, and cloud-based command infrastructure to establish long-term access in targeted environments. Based on multiple converging indicators, Check Point Research assesses with high confidence that Silver Dragon is a Chinese-nexus threat actor, likely operating within the umbrella of APT41.

What makes this activity notable is not a single technique, but the combination: stealthy persistence inside legitimate Windows services, use of trusted cloud platforms for command-and-control, and a toolkit designed for sustained access rather than disruption.

Silver Dragon’s Targets

Silver Dragon primarily targets government entities, with most identified victims located in Southeast Asia. Additional activity has been observed in Europe.

The victim profile, combined with the ...