A Chinese hacking group has been directing “continuous” secret activities procedure on foreign governments across Asia, as per security firm Check Point. Called Naikon, it has allegedly assaulted governments in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei, focusing on foreign issues, science and innovation ministries. The point is to assemble “geo-political intelligence,” Check Point wrote in a news release.
The essential assault vector is our old companion, phishing. To begin with, Naikon makes an official-looking email with information of interest to potential targets, acquired by means of public or stolen data. Should the hapless victim open the email connection, it’s spiked with an advanced bit of backdoor malware called “Aria-body.” That gives the assailant access to the target’s systems and from that point, they endeavor to get to different pieces of the framework to increase more extensive access and launch new attacks.
“Naikon’s primary method of attack is to infiltrate a government body, then use that body’s contacts, documents and data to launch attacks on others, exploiting the trust and diplomatic relations between departments and governments to increase the chances of its attack succeeding,” said Check Point.
Naikon is a famous hacking group, yet clearly dropped out of view around 2015. In any case, Check Point found that regardless of staying away from location, the gathering has been exceptionally active during the most recent five years, particularly in 2019-20. During that time, the group grew new instruments including Aria-body.
“To evade detection, they were using exploits attributed to lots of APT [advanced persistent threat] groups, and uniquely using their victims’ servers as command and control centres,” wrote Check Point. “We’ve published this research as a warning and resource for any government entity to better spot Naikon’s or other hacker group’s activities.”