Naikon APT – Rampant Asia Pacific cyber espionage

June 5, 2020
Naikon APT Asia Pacific cyber espionage

Naikon APT lurking in the dark 

Notoriously known for their malicious attack back in 2015, a recent report from a Cybercrime Solutions researcher confirmed that the group ‘Naikon APT,’ never halted their operations but instead went under the radar for years.

The group’s origins were traced back from China, specializing in intel gathering and military infiltration. They are keen on targeting countries within the Asia Pacific Region, baiting on government organizations to stealthily monitor highly detailed strategic planning and military information. Given their notorious reputation in many countries, they have been tagged as the most active hacking group that uses Automatically Programmed Tools (APT) in 2015, and their modus operandi has been on the list for Domain Monitoring surveillance ever since.

As it was programmed, a genuine email that unknowingly compromised is being sent to a high ranking official or organization leader of the targeted country. It will lure them into opening the attachment in either MS Word file or clicking redirecting links from which embedded malware trojan will be executed. Once the program set foot on the system, it will now establish its connection to the remote server were hacker can gain access to perform command and control to the infected devices. By this time, they can far spread the viruses to other devices in the network. Once the infrastructure has been penetrated, hackers can now steal data such as screenshots and keylogging for highly classified information, especially for military force planning. The program used also has the capability to search for important files and sensitive data that the hacker can easily copy, delete, or have it encrypted.

After their operations got exposed back in 2015, no news has been heard about the group since. However, several reports from the Cyberworld community, confirmed that a similar attack had been detected – one that resembles the group’s modus operandi five years ago. It was recently disclosed that chained cyberattacks in the region have been observed, recorded, and linked to Nikon APT’s usual doing.

The in-depth analysis confirmed that a program called “Aria-body” was injected onto the compromised system from which the behavior and codes used were quite similar to the group’s signature.  According to the reports, the perpetrators did several random checks on the compromised system in order to avoid detection. With its sophisticated characteristics, it managed to remain undetected over the years  – a trait that possibly helped them to continue their activities without interruption.

Hence, this next level of the attack confirmed all sorts of vulnerability within the existing security that we imposed on our system. We must not be too (compliant), instead, be more vigilant to keepsake important information of any organization. Adept system maintenance and surveillance on the network must always be performed including continuous educating of people of the risk for cyberattacks.

About the author

Leave a Reply