A number of cyberattacks against governmental organizations in Japan and Southeast Asia have been linked to a previously undocumented China-aligned threat cluster. What distinguishes these attacks is the use of a diverse custom toolkit, consisting primarily of C#/.NET applications. According to ESET, the group's activity was first discovered in February 2024 on a system belonging to a Southeast Asian governmental entity.
ESET eventually found that Group Policy was used to spread the malware to several systems belonging to the same organization. The dropper used to install the backdoor was also found to occasionally include "execution guardrails" intended to restrict its execution to the computers of particular victims. Other tools used by the group, tracked as LongNosedGoblin, include a reverse SOCKS5 proxy, a utility that runs a Cobalt Strike loader, and a recorder that captures audio and video.
Anton Cherepanov, a senior malware researcher at ESET, stated, "In most cases we investigated, the attackers were already inside the network, so we could not determine the initial access method they used." The security company's report states that the precise initial access techniques employed in the attacks are currently unknown. According to the report, released today by Slovak cybersecurity firm ESET, the ultimate objective of these attacks is cyber espionage. The threat activity cluster was determined to have been active since at least September 2023.