A newly identified advanced persistent threat (APT) group, dubbed Silver Dragon, has been actively targeting government entities across Europe and Southeast Asia since at least mid-2024. Cybersecurity researchers have disclosed details of this group, which shows strong operational links to the established Chinese state-sponsored APT41, indicating a likely expansion of that group's capabilities or a new front for its operations [1].

Silver Dragon typically gains initial access by exploiting vulnerabilities in public-facing internet servers or through highly targeted phishing emails carrying malicious attachments. For post-exploitation and continued presence, the group relies extensively on Cobalt Strike, a widely used adversary simulation tool. Notably, Silver Dragon uses Google Drive for its command and control (C2) infrastructure, leveraging a legitimate cloud service so that its traffic blends in with normal network activity and evades detection mechanisms that key on unknown or low-reputation destinations.

The use of widely trusted cloud platforms by state-aligned threat actors like Silver Dragon changes the threat landscape. Organizations must adjust their defensive strategies to account for nation-state activity that rides on common IT services, moving beyond purely criminal threat models to address geopolitical motivations and sophisticated evasion tactics.
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
⚡ High Priority
Why This Matters
State-aligned activity involving Google shifts the threat model from criminal to geopolitical — different playbook required.
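To make the "different playbook" concrete for the Google Drive C2 technique described in the summary, here is an added example (not code from the article or the researchers) that applies two defender-side heuristics to constructed endpoint proxy records: flag processes outside an assumed allowlist that reach Google API hosts, and flag connection series whose timing is regular enough to look like an automated beacon rather than a user. The allowlist, the host list and the log lines are all assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of endpoint proxy records: timestamp host process destination.
SAMPLE_LOG = """\
2026-03-04T09:00:00 ws-17 chrome.exe www.googleapis.com
2026-03-04T09:00:12 ws-17 svchost.exe www.googleapis.com
2026-03-04T09:01:12 ws-17 svchost.exe www.googleapis.com
2026-03-04T09:02:11 ws-17 svchost.exe www.googleapis.com
2026-03-04T09:03:13 ws-17 svchost.exe www.googleapis.com
2026-03-04T09:03:40 ws-22 googledrivefs.exe www.googleapis.com
2026-03-04T09:04:05 ws-17 chrome.exe www.googleapis.com
2026-03-04T09:04:12 ws-17 svchost.exe www.googleapis.com
2026-03-04T09:15:00 ws-22 googledrivefs.exe www.googleapis.com
"""

# Assumed: processes that legitimately talk to Google APIs on a managed workstation.
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}
# Assumed: destination hosts that Drive-based tooling would contact.
GOOGLE_API_HOSTS = {"www.googleapis.com", "drive.googleapis.com", "oauth2.googleapis.com"}

def parse(log):
    """Turn the whitespace-separated records into (datetime, host, process, dest) tuples."""
    rows = []
    for line in log.splitlines():
        ts, host, proc, dest = line.split()
        rows.append((datetime.fromisoformat(ts), host, proc, dest))
    return rows

def unexpected_processes(rows):
    """(host, process) pairs where a non-allowlisted process reached a Google API host."""
    return sorted({(h, p) for _, h, p, d in rows
                   if d in GOOGLE_API_HOSTS and p not in EXPECTED_PROCESSES})

def beaconing(rows, min_hits=4, max_jitter=0.2):
    """(host, process, dest) series with >= min_hits connections whose gaps vary by <= max_jitter."""
    series = defaultdict(list)
    for ts, h, p, d in rows:
        series[(h, p, d)].append(ts)
    hits = []
    for key, stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Low relative spread of the inter-connection gaps is the beaconing signal.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            hits.append((key, round(mean)))
    return hits
```

Both heuristics produce leads rather than verdicts: a sync client legitimately polls on a timer, so the allowlist and the jitter threshold need tuning against each environment's own baseline.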
References
- The Hacker News. (2026, March 4). *APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2*. https://thehackernews.com/2026/03/apt41-linked-silver-dragon-targets.html
Original Source
The Hacker News