EXECUTIVE SUMMARY:
A cyber attack tool with “alarming” capabilities is spreading through the APAC region. The tool was discovered after being deployed to spy on the office of the premier of Western Australia, Mark McGowan.
The hacking software, known as Aria-body, is disseminated via email attachments and can remotely hijack a computer. Those operating the software retain the capacity to copy, delete, or create files, and to see into the sensitive documents that targets are writing on their computers.
Embedded within the tool are sophisticated means of evading detection. The tool can parasitically attach itself to a variety of different file types so that it does not appear to have a set pattern of movement. In addition, portions of the Aria-body code can be manipulated remotely, giving the illusion of computer compromise by different types of attacks, when in reality, all attacks emanate from the same source.
Researchers from Check Point Software discovered that the tool is wielded by a group of hackers called the ‘Naikon’ group, which has been traced to the Chinese military. This group has previously interfered with government agencies and state-owned technology companies in Indonesia, the Philippines, Vietnam, Myanmar and Brunei.
“The Naikon group has been running a longstanding operation, during which it has updated its…cyberweapon[s] time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific,” said cyber security expert Lotem Finkelstein. The activities conducted by this group demonstrate significant, well-thought-out operational infrastructure and fierce pre-operation intelligence collection.
For more on this story, visit The New York Times.