Naikon, the Infamous Hacker Group, Is Connected to the Chinese Army

Toptechnews.com reported on 24th September, 2015 that cyber-security company ThreatConnect released a report stating that open source intelligence company Defense Group Inc. (DGI) has linked a hacker collective called "Naikon" to the Chinese military.

The "Project CAMERASHY: Closing the Aperture on China's Unit 78020" exposé presents documents proving China's efforts to spy on foreign governments, corporations and military forces posing threats.

Like most APT groups, Naikon crafts customized spear-phishing messages to penetrate organizations, in this case with a Word or Office document carrying an exploit for CVE-2012-0158, a favorite target for APT groups. The exploit installs a remote administration tool, or RAT, on the compromised machine, which opens a backdoor through which stolen data is taken out and further malware and instructions can be injected.

The intelligence collected by ThreatConnect and Defense Group for attribution purposes centers on a dynamic domain, greensky27.vicp.net, which Naikon has employed since at least 2010.

The IP addresses associated with this domain were analysed, and the city of Kunming was found to be a core center because the majority of connections were traced there.

This and other data collected by the experts has led them to think that the person controlling greensky27.vicp.net is situated in or near Kunming. Further analysis has disclosed that this person may be a PLA officer called Ge Xing.

One of the clues connecting Ge Xing to the domain greensky27.vicp.net is the moniker "GreenSky27". The criminal has used this username on many Internet platforms, including the microblogging website QQWeibo, forums and social media websites.

Researchers collected information and images that GreenSky27 posted on the Internet, which enabled investigators to conclude that Ge Xing from Kunming is the person behind this cyber moniker. Moreover, evidence on Chinese websites and in his online profiles proves that there is a link between this person and the PLA.

The ThreatConnect report is not the first to reveal the activities of hackers in China's military. In 2013, Mandiant, an American cybersecurity firm, linked one of the world's most prolific groups of computer hackers to the Chinese government, tracing them to a location near Shanghai that is also the headquarters of Unit 61398, a secret division of China's military.

» SPAMfighter News - 10/1/2015
