Cybersecurity specialists at Check Point have uncovered an ongoing cyber espionage operation targeting several government bodies in Asia Pacific.
The Advanced Persistent Threat group known as Naikon used a new backdoor named Aria-body. This allowed the hackers, who are believed to be based in China, to bypass security measures and gain remote access to a victim’s network.
The APT group targeted Southeast Asian government ministries in Indonesia, the Philippines, Vietnam and Thailand to spy on them, gain sensitive geo-political information and exploit diplomatic relations between departments.
The Manager of Threat Intelligence at Check Point, Lotem Finkelstein, said: “Naikon attempted to attack one of our customers by impersonating a foreign government.”
Check Point’s investigation of the cyber espionage operation began when it found a malicious email that had been sent from a government diplomat, thought to be from the Indonesian embassy in Canberra, to the government of Western Australia.
When the email was opened, the victim’s device downloaded Aria-body from servers used by Naikon.
Naikon was able to evade detection by impersonating government officials in emails and by using victims’ own servers as command-and-control centres from which to launch new attacks. Researchers found that one such server belonged to the Philippines’ Department of Science and Technology.
Naikon was thought to have gone silent after ThreatConnect and Defense Group exposed the group in 2015, until Check Point discovered it had been active for the past five years and had even accelerated its activities this year.
In the past, Naikon was known as one of the most active APTs in Asia, attacking civil and military organisations around the South China Sea.
Mr Finkelstein said: “We’ve published this research as a warning and resource for any government entity to better spot Naikon’s or other hacker groups’ activities.”
This warning is particularly pertinent for governments to heed. Thailand recently approved funding for a Government Data Center and Cloud service, which must have strong cybersecurity protocols to avoid vulnerabilities that could be exploited by hackers.
To remain secure, governments should advise staff to check emails carefully, manage user privileges, monitor and analyse logs, and make sure they only download files from trusted sites.