A renowned technology blog network site, Engadget, has claimed that a Chinese hacking group, Naikon, has been conducting ongoing operations on foreign governments across Asia to gather “geopolitical intelligence”.
According to a news released by security firm Check Point, Naikon has reportedly attacked governments in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei, targeting foreign affairs, science and technology ministries.
“The primary attack vector is our old friend, phishing. First, Naikon creates an official-looking e-mail with information of interest to potential targets, obtained via public or stolen information. Should the hapless victim open the email attachment, it is spiked with a sophisticated piece of backdoor malware called ‘Aria-body.’ That gives the attacker access to the target’s networks and from there, they attempt to access other parts of the infrastructure to gain wider access and launch new attacks”, it said.
“Naikon’s primary method of attack is to infiltrate a government body, then use that body’s contacts, documents and data to launch attacks on others, exploiting the trust and diplomatic relations between departments and governments to increase the chances of its attack succeeding,” said Check Point.
Naikon is a known hacker group but apparently dropped out of view around 2015. However, Check Point found that despite avoiding detection, the group has been very active during the last five years, especially in 2019-2020. During that time, the group developed new tools including Aria-body.
“To evade detection, they were using exploits attributed to lots of APT (advanced persistent threat) groups and uniquely using their victims’ servers as command and control centres,” wrote Check Point.
“We have published this research as a warning and resource for any government entity to better spot Naikon’s or other hacker group’s activities,” it warned.