An advanced group of Chinese hackers has recently been found to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar, and Brunei. The campaign went undetected for at least five years and is still an ongoing threat.
The group, named ‘Naikon APT’ and known as one of the most active APTs in Asia until 2015, carried out a string of cyberattacks in the Asia-Pacific (APAC) region in search of geopolitical intelligence.
According to the latest investigation report Check Point researchers shared with The Hacker News, the Naikon APT group had not gone silent for the last 5 years, as initially suspected; instead, it was using a new backdoor, called “Aria-body,” to operate stealthily.
“Given the characteristics of the victims and capabilities presented by the group, it is evident that the group’s purpose is to gather intelligence and spy on the countries whose governments it has targeted,” the researchers said.
In brief, the Aria-body backdoor is used to take control of a targeted organisation's internal networks, and to mount attacks from an already breached company to infect another.
“This includes not only locating and collecting specific documents from infected computers and networks within government departments, but also extracting removable data drives, taking screenshots and keylogging, and of course, harvesting the stolen data for espionage.”