Just Earth News | @justearthnews | 08 May 2020, 06:14 am Print
Beijing: When the world is busy combating COVID-19, a Chinese hacking group has been conducting “ongoing” espionage operations on foreign governments across Asia, a security firm said.
China is believed to be the nation from where the coronavirus originated.
Security firm Check Point said: "By comparing with previously reported activity, we can conclude that the Naikon APT group has been persistently targeting the same region in the last decade. In operations following the original 2015 report, we have observed the use of a backdoor named Aria-body against several national governments, including Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei."
"The targeted government entities include ministries of foreign affairs, science and technology ministries, as well as government-owned companies," it said.
Interestingly, the group has been observed expanding its footholds on the various governments within APAC by launching attacks from one government entity that has already been breached, to try and infect another.
In one case, a foreign embassy unknowingly sent malware-infected documents to the government of its host country, showing how the hackers are exploiting trusted, known contacts and using those them to infiltrate new organizations and extend their espionage network, the security firm said.
"Given the characteristics of the victims and capabilities presented by the group, it is evident that the group’s purpose is to gather intelligence and spy on the countries whose Governments it has targeted," it said.
It further said: "In this campaign, we uncovered the latest iteration of what seems to be a long-running Chinese-based operation against various government entities in APAC. This specific campaign leveraged both common toolsets like RoyalRoad RTF weaponizer, as well as a specially crafted backdoor named Aria-body."
While the Naikon APT group has kept under the radar for the past 5 years, it appears that they have not been idle, said Check Point.
"In fact, quite the opposite. By utilizing new server infrastructure, ever-changing loader variants, in-memory fileless loading, as well as a new backdoor – the Naikon APT group was able to prevent analysts from tracing their activity back to them," the firm concluded.
- Bangladesh is facing acute currency crisis after central bank stops releasing notes featuring Bangabandhu's image
- Two students arrested for scamming elderly person in US
- China: Explosion in residential building leaves 17 injured
- Bangladesh: High court grants bail to Hindu spiritual leader Chinmoy Krishna Das
- Israel-Palestine conflict: Two-State solution nearing point of no return, warns UN chief
