Chinese hacking group is targeting governments across Asia, says security firm Check Point

Chinese hacking group is targeting governments across Asia, says security firm Check Point

Bangladesh Live News | @banglalivenews | 08 May 2020, 07:14 am
Beijing: When the world is busy combating COVID-19, a Chinese hacking group has been conducting “ongoing” espionage operations on foreign governments across Asia, a security firm said.

China is believed to be the nation from where the coronavirus originated.

Security firm Check Point said: "By comparing with previously reported activity, we can conclude that the Naikon APT group has been persistently targeting the same region in the last decade. In operations following the original 2015 report, we have observed the use of a backdoor named Aria-body against several national governments, including Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei."

"The targeted government entities include ministries of foreign affairs, science and technology ministries, as well as government-owned companies," it said.

Interestingly, the group has been observed expanding its footholds on the various governments within APAC by launching attacks from one government entity that has already been breached, to try and infect another.

In one case, a foreign embassy unknowingly sent malware-infected documents to the government of its host country, showing how the hackers are exploiting trusted, known contacts and using those them to infiltrate new organizations and extend their espionage network, the security firm said.

"Given the characteristics of the victims and capabilities presented by the group, it is evident that the group’s purpose is to gather intelligence and spy on the countries whose Governments it has targeted," it said.

It further said: "In this campaign, we uncovered the latest iteration of what seems to be a long-running Chinese-based operation against various government entities in APAC. This specific campaign leveraged both common toolsets like RoyalRoad RTF weaponizer, as well as a specially crafted backdoor named Aria-body."

While the Naikon APT group has kept under the radar for the past 5 years, it appears that they have not been idle, said Check Point.

"In fact, quite the opposite. By utilizing new server infrastructure, ever-changing loader variants, in-memory fileless loading, as well as a new backdoor – the Naikon APT group was able to prevent analysts from tracing their activity back to them," the firm concluded.