According to a new report from Kaspersky Labs, a malicious hacker group called Naikon is targeting government, civil and military organizations in the Asia-Pacific region.
Kaspersky Security Labs released a new report warning of an active hacker collective called Naikon, which is targeting a number of vulnerable countries in the area around the South China Sea.
The report also claimed that the group has been operating for at least five years and has carried out “high volume, high profile, geo-political attack activity”.
“In the spring of 2014, we noticed an increase in the volume of attack activity by the Naikon APT,” wrote Kaspersky. “The attackers appeared to be Chinese-speaking and targeted mainly top-level government agencies and civil and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China.”
Typically, Naikon hackers begin an attack with an email carrying an attachment that contains keywords and information of interest to the potential victim. The attachment serves as a “bait document” that appears to be a standard Microsoft Word document. However, it is actually an executable with a double extension, capable of executing code without the user’s consent or knowledge. When the executable is launched, spyware is installed on the unsuspecting victim’s computer. At the same time, a decoy document is opened and displayed, leading the victim to believe everything is running as it should, without any red flags.
“There are 48 commands in the module’s repertoire, which a remote operator can use to effectively control the victim computer,” said Kaspersky.
The level of sophistication of the attacks strongly suggests that a nation state is behind the Naikon hackers. Kaspersky cited an unnamed country and stated that Naikon had infiltrated a number of national organizations in that country, including the Office of the President, Military Forces, Office of the Cabinet Secretary, National Security Council, Intelligence Services and the Department of Justice, to name just a few.
Kurt Baumgartner, Principal Security Researcher at Kaspersky Labs, said:
“The criminals behind the Naikon attacks managed to devise a very flexible infrastructure that can be set up in any target country, with information tunneling from victim systems to the command center. If the attackers then decide to hunt down another target in another country, they could simply set up a new connection. Having dedicated operators focused on their own particular set of targets also makes things easy for the Naikon espionage group.”
Here are a few recommendations to protect yourself against the Naikon threat:
- Don’t open attachments and links from people you don’t know.
- Use an advanced anti-malware solution.
- If you are unsure about the attachment, try to open it in a sandbox.
- Make sure you have an up-to-date version of your operating system with all patches installed.
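
The double-extension bait file described above can also be caught before it reaches the user, for example at a mail gateway. The following is an added example, not code from Kaspersky or from the report; the extension lists, function names and sample filenames are assumptions made for illustration.

```python
# Extensions Windows runs directly when double-clicked (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk"}
# Document-like extensions a bait file typically imitates (illustrative).
DOCUMENT_EXTS = {"doc", "docx", "rtf", "pdf", "xls", "xlsx", "ppt", "pptx", "txt"}


def split_extensions(filename):
    """Return (final_ext, inner_exts) in lower case, ignoring trailing dots/spaces."""
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or not parts[-1]:
        return "", []
    # parts[0] is the base name; anything between it and the last part
    # is a candidate "inner" extension shown to the user as the file type.
    return parts[-1], parts[1:-1]


def classify_attachment(filename):
    """Classify a filename as 'double-extension', 'executable' or 'ok'."""
    final_ext, inner = split_extensions(filename)
    if final_ext not in EXECUTABLE_EXTS:
        return "ok"
    if any(ext in DOCUMENT_EXTS for ext in inner):
        return "double-extension"
    return "executable"


def scan(filenames):
    """Return only the attachments that should be held back, with their verdicts."""
    verdicts = {name: classify_attachment(name) for name in filenames}
    return {name: v for name, v in verdicts.items() if v != "ok"}


# Constructed sample attachment names, not taken from the Kaspersky report.
SAMPLES = [
    "meeting agenda.doc.exe",
    "Budget_2015.PDF.SCR ",
    "minutes.v2.final.docx",
    "setup.exe",
    "notes.tar.gz",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:17} {name!r}")
```

Filenames with several dots but a harmless final extension, such as `minutes.v2.final.docx`, are deliberately left alone so that the check flags only files whose real type is executable.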