A Chinese APT (Advanced Persistent Threat) group called Naikon has reportedly launched a five-year mission to hack fellow Asia-Pacific countries. The group is said to have developed a new backdoor malware dubbed Aria-Body to accomplish its task.
Targeting APAC countries
According to Israeli cybersecurity firm Check Point, the Chinese hacker group has been actively targeting countries in the region for the last 10 years. Check Point also claims that the group is currently using the same backdoor against the government networks of Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei.
The primary targets are key ministries, such as foreign affairs and science and technology. The victim list also includes various government-backed companies.
Is Naikon a state-sponsored hacker group?
Though there is no conclusive evidence, the group's target list hints that it might be state-sponsored and launching politically motivated cyber attacks. In 2015, a US-based cybersecurity solution provider called ThreatConnect Solutions had claimed that the Naikon APT group was an active part of the Chinese People's Liberation Army (PLA).
Check Point has observed that the hacker group is expanding its target list by executing attacks against several APAC countries. Once it manages to compromise a target, it sends malware payloads via several phishing schemes from that foothold to hunt down other targets.
"Given the characteristics of the victims and capabilities presented by the group, it is evident that the group's purpose is to gather intelligence and spy on the countries whose Governments it has targeted," Check Point said.
How it is done
Naikon's espionage activities include collecting specific relevant documents, extracting data from removable drives, grabbing screenshots and installing keylogger software to record each keystroke on the victims' computers and networks. To avoid detection on the targeted government networks, Naikon compromises servers belonging to other ministries of the same government and controls the entire operation from those servers, so that the malicious traffic appears to come from a trusted internal source.
To stay under the radar, Naikon frequently changes its loader code, switches to new server infrastructure, deploys new backdoors and employs modern techniques such as fileless loading.