According to the digital security company Check Point, a group of hackers from China has resurfaced and has been organizing espionage attacks on governments in several countries in Asia and Oceania, such as Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei. Naikon, as the group of criminals is called, invades foreign affairs and science and technology ministries in order to gather information on geopolitical intelligence.
Naikon is an old group of hackers, but apparently it had dissolved in 2015. Now, Check Point has found that the group has been active for all these years, especially since last year. However, they make it difficult to identify through exploits attributed to advanced persistent threats, and use their victims’ servers exclusively as command and control centers to organize new attacks.
How Naikon carries out attacks
Naikon hackers carry out phishing attacks. After obtaining relevant information, derived from leaks or found publicly, that may interest potential targets, they send emails that imitate official correspondence. If the recipients open the attachment, they are automatically infected.
Infecting systems gives access to victims’ networks, where attackers try to access other parts of the infrastructure and launch new attacks.
Hackers target government agencies to use information that allows them to exploit trust and diplomatic relations between departments and governments. That way, the next attack is much more likely to be successful.