VERY IMPORTANT

A sophisticated cyber campaign targeting China Mobile Tietong Co., Ltd., a subsidiary of China Mobile, has been uncovered. The operation, dubbed DRAGONCLONE, utilizes VELETRIX and VShell malware to infiltrate systems. The attack chain begins with a malicious ZIP file containing executable files and DLLs, exploiting DLL sideloading against Wondershare Repairit software. VELETRIX, a loader, employs anti-analysis techniques and IPFuscation to decode and execute VShell, a cross-platform OST framework. The campaign shows infrastructure overlaps with known China-nexus threat actors like UNC5174 and Earth Lamia. The attackers utilize various tools including Cobalt Strike, SuperShell, and Asset Lighthouse System for reconnaissance and post-exploitation activities.