silversurfer

Level 63
Verified
Trusted
Content Creator
Malware Hunter
After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region.

The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around the South China Sea. After 2015, Naikon seemingly went silent. However, a recently discovered, widespread campaign reveals the group has actually spent the past five years quietly developing their skills and introducing the “Aria-body” backdoor into their arsenal of weapons.

The campaign, which has accelerated in 2019 and the first quarter of 2020, is targeting countries in the APAC region, including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei, in a quest to gather geo-political intelligence. Specifically targeted are government ministries of foreign affairs, science and technology, and government-owned companies.

“Naikon attempted to attack one of our customers by impersonating a foreign government – that’s when they came back onto our radar after a five-year absence, and we decided to investigate further,” said Lotem Finkelsteen, manager of threat intelligence at Check Point, in a Thursday analysis.

Researchers observed several different infection chains being used to deliver the Aria-body RAT. They first came across the campaign in an email, purporting to be sent from a government embassy in the APAC region, sent to the Australian government. The email contained a document called “The Indians Way.doc.” [...]
Full report by Check Point:
 

Correlate

Level 14
Verified
An advanced hacker group running cyber-espionage campaigns since at least 2010 has been operating stealthily over the past five years. They deliver a new backdoor called Aria-body and use victims’ infrastructure to carry attacks against other targets.

Multiple variants of the malware have been discovered and one of them was recently delivered to the Australian government via a malicious email.
 
Top