New cybersecurity report says China-based group is hacking Asia-Pacific governments

Key Points
  • A China-based hacking group has quietly been carrying out a five-year cyber espionage campaign against governments in the Asia Pacific region, a new report by Check Point revealed.
  • The collective known as Naikon has targeted countries including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei.
  • The Chinese group attempts to infiltrate a government body, then uses information it acquires, such as contacts and documents, to attack other departments.

A China-based hacking group has been quietly carrying out a five-year cyber espionage campaign against Asia-Pacific governments after it previously "slipped off the radar," a new report claims. 

The group, known as Naikon, has targeted nations including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei, according to Israeli cybersecurity firm Check Point.

Naikon targets ministries of foreign affairs, science and technology, as well as government-owned companies with the aim of "gathering of geo-political intelligence," Check Point said.

Security researchers first found out about the Naikon group in 2015. However, Check Point said it had "slipped off the radar, with no new evidence or reports of activities found" until now. The hacking group had actually been active for the past five years but "accelerated its cyber espionage activities in 2019 and Q1 2020."

The cybersecurity firm did not say if Naikon is linked to the Chinese government. But a separate report in 2015, by a Washington-based security company called ThreatConnect, claimed the group was a unit of the Chinese People's Liberation Army (PLA).

In response to CNBC's request for comment, China's Ministry of Foreign Affairs said: "China's position on cyber security is firm and consistent. We firmly oppose and crack down on any kind of cyber attack and theft behaviors in accordance with law."

In the statement to CNBC, the ministry also called on the international community to address cyber security threats "through dialogue and cooperation, based on mutual respect and mutual benefits."

According to the report, Naikon attempts to infiltrate a government body and use the stolen information it acquires there — such as contacts and documents — to attack other departments within that country's government.

Check Point said it was alerted when it found an email with a document attached that contained malicious software, also known as malware.

When the document is opened, it infiltrates a user's computer and attempts to download another piece of malware called "Aria-body." This gives the hackers remote access to that computer or network, and bypasses security measures, Check Point said.

The group uses so-called spear-phishing, where it sends an email with the infected document that looks like it comes from a trusted source, in this case, another government official. They're able to get information to create the fake email from previous successful attacks or public data. 

Once they're inside a network, they can launch further attacks without detection. 

"What drives them is their desire to gather intelligence and spy on countries, and they have spent the past five years quietly developing their skills and introducing a new cyber-weapon with the Aria-body backdoor," Lotem Finkelsteen, manager of threat intelligence at Check Point, said in a statement.

— This story has been updated to reflect the comments from China's Ministry of Foreign Affairs which came after the article was published.