Cybersecurity Firm Links Chinese Group to Cyber Espionage in Southeast Asia

Sandra Loyd

A China-based group has quietly carried out cyber espionage against Southeast Asian governments over the past couple of years, gathering “specific documents,” among other data, from infected computers, a cybersecurity firm said in a report.

Naikon, a group of hackers, deployed software called Aria-body to target government agencies and technology companies in Indonesia, Thailand, the Philippines, Vietnam, Myanmar and Brunei, and even in Australia, according to a report released Thursday by Check Point Research, an Israeli security firm.

“In this campaign, we uncovered the latest iteration of what seems to be a long-running Chinese-based operation against various government entities,” Check Point said in its extensive report, which is available online. “Throughout our research, we witnessed several different infection chains being used to deliver the Aria-body backdoor.”

“This includes not only locating and collecting specific documents from infected computers and networks within government departments, but also extracting data from removable drives, taking screenshots and keylogging, and of course harvesting the stolen data for espionage,” it said.

Check Point Research did not say whether Naikon was backed by the Chinese government.

However, a September 2015 report from cyber intelligence firms Defense Group and ThreatConnect, both U.S.-based companies, identified Naikon as “associated” with China’s People’s Liberation Army (PLA).

The two firms said they merged “technical analysis with Chinese language research and expertise” to document the advanced cyber espionage campaign by the PLA unit “with interests in the South China Sea.”

An email sent by BenarNews, an RFA-affiliated online news service, to the media relations officer of the Chinese embassy in Washington on Friday was not immediately returned.

Meanwhile in Jakarta, Anton Setiawan, spokesperson for Indonesia’s National Cyber and Cryptography Agency, acknowledged awareness of the report by Check Point.

“We will discuss this internally first,” he told BenarNews on Friday.

In Bangkok, a team member of the Thai government’s IT security watchdog THAICERT likewise told BenarNews that its members would look into the allegations in the report.

“We have a team to investigate this matter, based on the report, to see if it is true or not. If it is true, we will alert agencies who might have been affected by the hackers to be careful,” said the team member, who asked not to be named because he was not authorized to speak to the media.

The countries that were allegedly hacked, except for Australia, Thailand and Myanmar, have overlapping territorial claims in the South China Sea, where about U.S. $5 trillion in ship-borne trade passes through each year. China claims most of the resource-rich area on historical grounds.

“The Naikon group has been running a longstanding operation, during which it has updated its new cyberweapon time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific,” Lotem Finkelstein, head of the cyber-threat intelligence group at Check Point, said in a statement.

“In operations following the original 2015 report, we have observed the use of a backdoor named Aria-body against several national governments, including Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei,” Check Point said, referring to the research by the two U.S. security firms five years ago.

Aria-body, the intrusive new tool used by the hackers, has alarmed security researchers because it could penetrate a government agency by using an ordinary Word file to infiltrate any computer, from which data from the attacked state department would flow to the servers used by the hackers, according to Check Point.

After Naikon was investigated by the two American cybersecurity firms five years ago, it “slipped off the radar,” according to Check Point. The firm said it had recently discovered that the hacking group had in fact been active throughout the past 10 years, but only “accelerated its cyber espionage activities in 2019” and the first quarter of this year.

“By comparing with previously reported activity, we can conclude that the Naikon APT group has been persistently targeting the same region in the last decade,” Check Point said in a statement.

The targeted government entities include foreign affairs, science and technology ministries, as well as government-owned companies, it said.

“Given the characteristics of the victims and capabilities presented by the group, it is evident that the group’s purpose is to gather intelligence and spy on the countries whose Governments it has targeted,” Check Point said.

Reported by BenarNews, an RFA-affiliated online news service.
