A Chinese hacking group has been conducting “ongoing” espionage operations against foreign governments across Asia, according to security firm Check Point. Called Naikon, it has reportedly attacked governments in Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei, targeting ministries of foreign affairs, science and technology. The aim is to gather “geo-political intelligence,” Check Point wrote in a news release.
The primary attack vector is our old friend, phishing. First, Naikon creates an official-looking email containing information of interest to potential targets, drawn from public or stolen data. The email’s attachment is spiked with a sophisticated piece of backdoor malware called “Aria-body,” which is delivered should the hapless victim open it. That gives the attackers access to the target’s networks, and from there they attempt to reach other parts of the infrastructure to gain wider access and launch new attacks.