Kaspersky Describes ‘Naikon’ Gang as Highly Active
Naikon, an advanced persistent threat (APT) group that appears to be Chinese-speaking, has spent the past five years successfully hacking into organizations in countries around the South China Sea, while being extremely active across Asia, says Kaspersky.
Kaspersky exposed the group in April, when it attacked another cyber-espionage entity, known as Hellsing, head-on. Hellsing had countered Naikon's spear-phishing attack with a phishing campaign of its own, aimed at extracting additional details about the attacker and its purpose.
Naikon chiefly attacks high-profile government organizations along with military and civil agencies within nations such as Cambodia, Malaysia, the Philippines, Myanmar, Vietnam, Indonesia, Laos, Thailand, Singapore, Nepal and China.
To infiltrate its targets, Naikon uses spear-phishing attacks, distributing e-mails with attached files designed to appeal to potential victims.
According to Kurt Baumgartner, Principal Security Researcher at Kaspersky, the Naikon attackers use an extremely flexible infrastructure that is easy to establish within any target state. This command structure would extract all data from the victims' computers. Subsequently, the attackers may search for another target inside a different state and exploit it by simply establishing one fresh connection, Baumgartner explains. Gulfnews.com reported this on May 17, 2015.
Meanwhile, it isn't evident from Kaspersky's report whether the PC infiltration is designed for stealing sensitive data or for proving that governments' security arrangements aren't sufficiently strong.
Notably, Naikon had tried to infect PCs belonging to law enforcement, military and government organizations, as well as civil aviation departments, in Malaysia and many other nations soon after the disappearance of Malaysian Airlines Flight MH370. In April, Kaspersky Lab stated that Naikon was attempting to block details connected with the probe into the missing flight and with the search initiatives.
And while there is a close association between Naikon's activities and those of APT30, a group named by FireEye, Kaspersky Lab doesn't exactly describe the two groups as the same. According to Kaspersky Lab, it isn't surprising that the two actors may overlap in some respects, since they have been mining victims within the same South China Sea region for years. Securityweek.com reported this on May 14, 2015.
» SPAMfighter News - 5/22/2015