As mentioned in a new report from Kaspersky Lab, a menacing attacker group, “Naikon”, has been infiltrating national organizations around the South China Sea for over 5 years.
Emerging from within Chinese borders, Naikon is an advanced persistent threat actor that scours countries for geopolitical intelligence. The report suggests that the threat actor has been in action for more than 5 years and has been handling a high volume of confidential information.
The attackers appear to be Chinese-speaking and have targeted top-level government agencies and civil and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore and Nepal.
Naikon, one of the most active APTs in Asia, uses traditional spear-phishing techniques, with emails carrying attachments designed to be of interest to the potential victim. Such an attachment might look like a Word document, but is in fact an executable file with a double extension.
Kaspersky reports that Naikon staged vigorous activity after the disappearance of MH370 and hit a few high-profile departments, including the Office of the President, Armed Forces, Office of the Cabinet Secretary, National Security Council(s), Office of the Solicitor General, National Intelligence Coordinating Agency, Civil Aviation Authority, Department of Justice, National Police and Presidential Management Staff.
Kurt Baumgartner, Principal Security Researcher, the GReAT team, Kaspersky Lab, said:
The criminals behind the Naikon attacks managed to devise a very flexible infrastructure that can be set up in any target country, with information tunneling from victim systems to the command center. If the attackers then decide to hunt down another target in another country, they could simply set up a new connection. Having dedicated operators focused on their own particular set of targets also makes things easy for the Naikon espionage group.
The report further mentions that each target country has a designated human operator, who is responsible for placing infrastructure (a proxy server) within the country’s borders to provide daily support for real-time connections and data exfiltration.
Here are a few recommendations to protect yourself against the Naikon threat:
- Don’t open attachments and links from people you don’t know.
- Use an advanced anti-malware solution.
- If you are unsure about the attachment, try to open it in a sandbox.
- Make sure you have an up-to-date version of your operating system with all patches installed.
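The double-extension trick described above (a file that reads as a Word document but ends in an executable extension) is easy to screen for before a user ever sees the attachment. The following is an added example, not code from Kaspersky's report; the extension lists and the sample attachment names are assumptions constructed for illustration.

```python
"""Flag attachment names that use the double-extension trick, e.g. a file
shown as "report.doc" that is really "report.doc.exe".
Added example; extension lists are assumed and not exhaustive."""
import os

# Extensions Windows will run as a program (assumed list)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-style extensions an attacker wants the victim to notice first
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".rtf", ".txt"}


def split_extensions(name: str) -> list:
    """Return every extension of a filename, lower-cased, outermost last.
    'Report.DOC.exe' -> ['.doc', '.exe']. Case and stray whitespace are
    ignored so 'REPORT.DOC.EXE ' is handled the same way."""
    exts = []
    base = name.strip()
    while True:
        base, ext = os.path.splitext(base)
        if not ext:
            return exts
        exts.insert(0, ext.lower())


def classify_attachment(name: str) -> str:
    """'double-extension' if a document-looking name ends in an executable
    extension, 'executable' if it is simply an executable, otherwise 'ok'."""
    exts = split_extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
        return "double-extension"
    return "executable"


def scan_attachments(names):
    """Return (name, verdict) pairs for every attachment that is not 'ok'."""
    verdicts = ((n, classify_attachment(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


if __name__ == "__main__":
    # Constructed sample attachment names, not real lure filenames.
    SAMPLE = ["meeting_minutes.doc.exe", "budget.xlsx", "agenda.pdf.scr",
              "setup.exe", "notes.txt", "Briefing.DOCX.EXE"]
    for name, verdict in scan_attachments(SAMPLE):
        print(f"{verdict:17} {name}")
```

Run against the attachment names in a mail gateway log, a verdict of double-extension is a strong signal to quarantine the message rather than rely on the recipient spotting the trailing `.exe`.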