Thursday, 22 June 2023
Estimated reading time:3 minutes
Security research firm Check Point Software Technologies (Israel) has discovered a cyberattack campaign carried out by a hacker group called Naikon, targeting the governments of countries in Southeast Asia and Australia.
Check Point said Naikon's hacking activities have been taking place for at least the past five years, targeting the governments of countries including Vietnam, Thailand, Myanmar, Brunei, Philippines, Indonesia and Australia, through "government-to-government" attacks.
According to Check Point, Naikon's attack method is to find a way to penetrate a government agency of a country through security holes, then use contact information, documents and data to impersonate the agency’s name, and then carry out phishing attacks against other governments.
In this way, Nikon took advantage of the trust and diplomatic relationships between the government agencies of countries to increase the chances of success of its attacks.
In the newly released report, Check Point said it had started an investigation after discovering an email was sent from the embassy of the government of a country in the Asia-Pacific region to an Australian government agency, inside there is an attached file called "The Indians Way.doc" containing malicious code.
This malicious text file will automatically install a file into the startup folder on the Word software of the victim's computer, then will silently download and install more malicious code from the server controlled by hackers, Check Point said in its report.
Check Point said the Naikon hacker group specifically targeted government agencies involved in foreign affairs, science and technology, as well as government-owned companies. The goal of this group of hackers is believed to be politically related and to gather intelligence.
This group of hackers spent five years quietly developing their attack skills against government agencies. To evade detection, the hacker group used the victim's own server system as a command and control center, instead of using a separate server system on the outside, Lotem Finkelsteen, Check Point's threat intelligence manager said. We are publishing this report as a warning to government agencies to watch out for the activities of Naikon and other hacker groups.
The Naikon hacker group first came into the spotlight when experts from the Russian security research firm Kaspersky (Russia) discovered the group's activities in 2010, carrying out cyber attacks against government agencies of Southeast Asian countries.
However, since 2015, Naikon suddenly became silent and showed no signs of activity, until it was "unmasked" by Check Point in a newly published report.
A well-known law firm in New York has been attacked by a group of hackers using the REvil ransomware. The hacker group demanded a ransom of 42 million...
One unified platform that integrates Network and Endpoint Detection and Response and Digital Forensics to ensure rapid detection and empower Threat Hu...