Hackers, trojan horses, and computer viruses are unwelcome guests in any cyber-related activity that we do on social media. Unfortunately, cyber weapons have become more sophisticated, targeting important diplomatic figures and governments around the world. Speaking of which, have you heard of Naikon?

Check Point, a cyber research group, revealed in a report a 5-year targeted campaign and extensive operations by the Chinese APT. They found that the ‘very dangerous’ tactics of the military espionage group compromised overseas governments and used their systems to attack other countries.

Additionally, the new cyber weapon had the following specifications:

  • hijacks diplomatic communication channels to target specific computers in ministries from its home country, or even to government entities in its host country.
  • follows intelligence officers’ directives to locate a specific filename in a particular machine
  • gathers intelligence on a wide scale

Silent ‘Naikon’: A Chinese APT Intelligence Working in the Shadows

A report by ThreatConnect and Defense Group Inc. (DGI) revealed a cyber reconnaissance unit named Naikon. Back in 2015, they found that Naikon had links to the People’s Liberation Army. Naikon conducts signals intelligence and political analysis of the Southeast Asian borders, mostly targeting countries that claim disputed areas of the energy-rich South China Sea.

Though the report blew Naikon’s cover, it continued to operate in the last five years after the information was released, and targeted countries like the Philippines.

Check Point further revealed Naikon’s stepping-stone approach as follows:

  • It penetrates diplomats’ PCs and takes over ministerial servers, making a successful attempt to gather intelligence from high-profile personnel and control critical assets.
  • Its malware can spread through emails between diplomatic embassies and foreign governments, so that it is not detected through connections to external malicious servers.

At some point, it becomes alarming for all of us today, even during this pandemic. In a report by Check Point, a Chinese APT was targeting public sector organizations in Mongolia. They used several documents disguised as coronavirus health warnings that appeared to come from their government.


Given China’s constant battle for influence and defensive superiority, it is notable that Naikon’s primary method of attack aims to exploit the trust and diplomatic relations between departments and governments.

Malicious Aria-body RAT: Naikon’s Campaign 5 Years Later

In 2017, Naikon designed an “Aria-body” loader to open a backdoor to the APT’s command and control servers. Once the loader establishes itself in the startup folder, it downloads a further malicious RAT, which it then decrypts and installs on the machine.

The RAT’s purpose is to gather intelligence and spy on its targeted countries’ governments. It can:

  • create, search, or delete files
  • take screenshots
  • log locations and keystrokes
  • extract data from removable drives


As you can see, the manner of these exploitations is similar to those reported back in 2015. Lotem Finkelsteen then mentioned that Check Point published this research to warn government entities and help them spot the hacker group’s activities.

As someone who once worked in the computer and internet security department of the biggest software provider in the world, I can say that hackers are becoming wiser not only with the way they code but also with the way they trigger your emotions and habits on social media.

Let’s take precautions and extra care. Let us take the initiative to defend ourselves against hackers, and be mindful before clicking links and suspicious messages.

How do you plan to hack-proof the system security of your thesis? Let me know in the comments.

