APT / THREAT GROUP | 🕵️ ESPIONAGE

DragonOK

🇨🇳 China-attributed | 1 campaign | 6 aliases | Last seen: Mar 17, 2026

Intelligence Profile

[DragonOK](https://attack.mitre.org/groups/G0017) is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, [DragonOK](https://attack.mitre.org/groups/G0017) is thought to have a direct or indirect relationship with the threat group [Moafee](https://attack.mitre.org/groups/G0002). (Citation: Operation Quantum Entanglement) It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. (Citation: New DragonOK)

Threat Analysis

DragonOK is a threat actor attributed to China whose cyber operations are primarily motivated by espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Known Campaigns

DragonOK — Active Operations March 2026

DragonOK is an unknown-motivation threat actor attributed to China. It is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. It is known to use a variety of malware, including...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Motivation: 🕵️ espionage
Origin: 🇨🇳 China
Aliases: 6
Source: Malpedia

Also Known As

G0002, Moafee, DragonOK, BRONZE OVERBROOK, G0017, Shallow Taurus

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.