Report · severity: Medium · 2020-05-07

Check Point exposes Naikon's Aria-body backdoor in five-year APAC government campaign

published by Check Point Research
Actor
Naikon · CN · China · APT

PRC state-sponsored intrusion set publicly attributed by ThreatConnect and Defense Group Inc. to the People's Liberation Army Unit 78020 (Chengdu Military Region Second Technical Reconnaissance Burea…

Summary

Check Point Research published 'Naikon APT: Cyber Espionage Reloaded', detailing a previously undocumented backdoor called Aria-body deployed against ministries of foreign affairs, science and technology, and government-owned companies in Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar, and Brunei. Check Point attributed the activity to Naikon via shared infrastructure with prior Naikon campaigns, debug-string overlap with the XsFunction backdoor, and reuse of the djb2 hashing algorithm.

Tags

report · aria-body · apac · espionage

Primary source

research.checkpoint.com
