Chinese Group Busy Hacking Government Networks in Asia-Pacific

APT41 had deep connections with the Chinese government, as can be seen by their activity. (Image: geralt via Pixabay)

A recent report by the Israeli cybersecurity firm CheckPoint has revealed that a China-based hacking group called Naikon has been conducting a 5-year cyber espionage campaign against countries in the Asia-Pacific region. Nations targeted by Naikon include Indonesia, Thailand, Myanmar, Vietnam, Brunei, the Philippines, and Australia. The hacking group focused on state-owned companies as well as government ministries concerned with science and foreign affairs. The hackers wanted to access information that held geopolitical value.

Attacking governments

CheckPoint had come across the activities of Naikon back in 2015. However, after the hackers went under the radar, the cybersecurity company could not find much info on their activities. It is only recently that the firm discovered that Naikon had not only been active, but had accelerated its espionage activities starting last year.

Though CheckPoint does not directly state that Naikon is linked to the Chinese government, a 2015 report by American security firm ThreatConnect indicated that the hacking group was a unit under the control of the People’s Liberation Army (PLA).

Naikon initially tries to infiltrate a government agency. If successful, the group steals sensitive information like documents and contacts, which the hackers then use to attack other agencies of the administration. CheckPoint came to know about it after finding an email that contained a document with malware. When a person opens the document, the malware enters the system and tries to download another piece of malware known as “Aria-body.”

The China-based group is hacking Asia-Pacific governments. (Image: via Pixabay)

“This gives the hackers remote access to that computer or network, and bypasses security measures… The group uses so-called spear-phishing, where it sends an email with the infected document that looks like it comes from a trusted source, in this case, another government official. They’re able to get information to create fake emails from previous successful attacks or public data. Once they’re inside a network, they can launch further attacks without detection,” according to CNBC.

A report by Kaspersky Lab, a cybersecurity company from Russia, named Naikon as one of the most active “advanced persistent threats” in Asia. The 2015 ThreatConnect report identified Naikon as being part of the military’s Second Technical Reconnaissance Bureau, Unit 78020.

After the release of this report, the group apparently “disappeared.” No significant traces of their activities could be found until recently. It is unclear whether Naikon’s aggressive moves in recent times have to do with it coming under a new chain of command.

Beijing has, unsurprisingly, denied extending any support to hacking groups targeting other nations. A spokesperson from the Australian government revealed that the hacking activity stated in the CheckPoint report had not affected the federal government or the Prime Minister’s Office. However, the report mentions that Naikon had successfully infiltrated a computer used by an Indonesian diplomat who worked at the embassy in Canberra.

Chinese hackers have been planting malware on iPhones owned by Uyghurs since December 2019. (Image: via Pixabay)

Hacking Uyghurs

While the coronavirus outbreak wreaks chaos in China, this hasn’t stopped Beijing from beefing up surveillance over the minority Uyghur community in Xinjiang. Starting from late December, Chinese hackers have been planting malware on iPhones owned by Uyghurs. Important personal information like emails, photos, instant messages, GPS location, and contact lists was stolen by hackers.

To infiltrate iPhones, hackers targeted popular Uyghur websites like Uyghur Times, Uyghur Academy, and so on. When a person visits these sites using their iPhone, the spyware will be automatically downloaded. To protect themselves from getting hacked, iPhone owners should update their devices to iOS version 12.4.
