Full report by Check Point:After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region.
The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around the South China Sea. After 2015, Naikon seemingly went silent. However, a recently discovered, widespread campaign reveals the group has actually spent the past five years quietly developing their skills and introducing the “Aria-body” backdoor into their arsenal of weapons.
The campaign, which has accelerated in 2019 and the first quarter of 2020, is targeting countries in the APAC region, including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei, in a quest to gather geo-political intelligence. Specifically targeted are government ministries of foreign affairs, science and technology, and government-owned companies.
“Naikon attempted to attack one of our customers by impersonating a foreign government – that’s when they came back onto our radar after a five-year absence, and we decided to investigate further,” said Lotem Finkelsteen, manager of threat intelligence at Check Point, in a Thursday analysis.
Researchers observed several different infection chains being used to deliver the Aria-body RAT. They first came across the campaign in an email, purporting to be sent from a government embassy in the APAC region, sent to the Australian government. The email contained a document called “The Indians Way.doc.” [...]
Introduction Recently Check Point Research discovered new evidence of an ongoing cyber espionage operation against several national government entities in the Asia Pacific (APAC) region. This operation, which we were able to attribute to the Naikon APT group, used a new backdoor named Aria-body...