A new report claims that a group of hackers are targeting countries in the Asia-Pacific. The report adds that the group is based in China.
According to the report, this group of hackers has successfully evaded the radar of many cybersecurity firms. The group has surreptitiously engage in espionage for at least five years, with their targets set on Asia-Pacific countries.
The group is known only as Naikon. Not much is known about them, although Israel cybersecurity firm Check Point claims the group is operating from China. Among the groups targets are Australia, Brunei, Myanmar, Thailand, Philippines, and Vietnam.
According to Check Point, the group’s modus includes gathering geo-political intelligence from their target. The firm adds that the group targets science and technology institutes, foreign affairs offices, and government-owned companies.
Cybersecurity experts first discover Naikon’s activities way back in 2015. However, Check Point claims that the hacker group manage to slip their radar after that initial discovery. The hackers are able to conduct operations secretly until their recent discovery.
Check Point says that the hackers are able to evade discovery by minimizing the scope of their operations. However, the firm adds, the group intensify their operations in 2019 until early 2020.
— it-soft GmbH (@itsoftgmbh) May 8, 2020
Check Point’s investigation does not provide a clear link between the hackers and the Chinese government. The firm focuses mainly on the targets and type of attacks the group uses.
The firm says that the group exploits vulnerabilities in unpatched versions of Microsoft Word. Naikon uses a new cyberattack tool called Aria-body. Once the target opens an infected document, it can allow hackers to remotely access the computer.
Links to China
China has a well-known reputation for running and backing hacker groups to spy on other nations. Though the country has relentlessly deny accusations, investigations on various malwares and exploits prove otherwise.
Reports claim that the Naikon hacker group does not have a clear link to the Chinese government. However, the group uses hacking techniques that are similar to previous attacks from actors with relation to China.
Cybersecurity firm ThreatConnect has a report published in 2015 that connects Naikon to China’s People’s Liberation Army. Now that the group is once again active, many in the industry believe that their ties to Beijing persists.
ThreatConnect’s investigation concludes that the hackers are part of the Second Technical Reconnaissance Bureau. More specifically, Unit 78020, which is operating in the southern city of Kunming.
Image courtesy of Nahel Abdul Hadi/Unsplash