Naikon cyber espionage gang targeting Southeast Asian countries says Kaspersky


To the uninitiated, Naikon APT sounds like the name of some naff fan club for some esoteric Japanese talk show, but make no mistake: it’s actually one of the most persistent and insidious threats on the Internet today. Designated Naikon based on scraps of code left behind in infiltrated systems, the Naikon Advanced Persistent Threat (APT), essentially an Internet espionage gang in plainspeak, has been busy since 2010, when the first clues of their work were discovered on compromised PCs and other devices.

Believed to number from a dozen individuals and up with exceptional expertise and significant funding (some say it requires state-backed funding to get to their level), along with a rather unusual interest in geopolitical information, the Naikon APT has consistently targeted only Southeast Asian countries, in particular (and in no particular order) Singapore, Thailand, Myanmar, the Philippines, Malaysia and Indonesia. Rather than being content with sniffing out the usual credit card numbers and low level paydirt, Naikon APT has had their sights set on much bigger game in the form of sensitive information and intelligence in the highest levels of government. To date, they’ve targeted all manner of government agencies, the highest levels of the military, the police and federal agencies at all levels.


Kurt Baumgartner, Principal Security Researcher, Global Research and Analysis Team for Kaspersky Labs

Their methods are old school yet incredibly sophisticated. According to Kurt Baumgartner, Principal Security Researcher, Global Research and Analysis Team for Kaspersky Labs, “The Naikon APT group traditionally relies on spear phishing on their targets at a very sophisticated level.” Minus the jargon, spear phishing means crafting a convincing e-mail that persuades a target user to click and open an attachment, which unloads a digital payload that can do anything from logging every keystroke on the compromised PC to allowing a hacker to take over the PC remotely. The trick that Naikon APT pulls off surprisingly well is that their spear phishing attempts look just like the real thing.

During a short presentation at Kaspersky Labs’ Malaysian office, media were shown a spear phishing e-mail originating from Malaysia, related to the recent MH370 tragedy and forwarded to government personnel. It was written in linguistically flawless Bahasa Malaysia at a native speaker level and carried a digital spyware payload that would infect the target user’s computer.

Who are they?

The clues as to how large Naikon APT is, their origins and their endgame remain tantalisingly elusive. What has been gleaned so far comes from examples and bits and pieces of code from targeted PCs.

What is known is that they’ve been in operation since 2010. According to Kurt, the group likely consists of more than one individual and would most likely be a dozen people and up, with significant financial backing and a possibility of being backed by a nation-state. Which one, though, is open to speculation.

Another interesting fact is that rather than rampant hacking and otherwise general tomfoolery, Naikon APT is extraordinarily disciplined and focused. They only target federal and government-affiliated agencies in Southeast Asia. The information they seek is also rather specific: primarily high profile, geopolitical information. Whether it has been acted upon, or what they do with all this collated data, is open to speculation.

Nixing Naikon

If you’re like the vast majority of people out there, odds are you don’t work for any of the agencies that Naikon is targeting for their as yet unknown agenda. Even so, Kaspersky advises quite a few common sense steps that will prevent you from falling prey to other more low brow hacking attempts.

The most important one of course is to implement what is known as two-step authentication for your e-mail services. Essentially this means that when you log in to your e-mail, you will get sent a text message on your phone with a one-time password for entry. No password, no entry.

The other preventative steps highlighted by Kaspersky make common sense: not opening odd attachments, as well as noting if your regular contacts are, well, in any way odd. Has their level of fluency suddenly gone down the pipes or suddenly improved? Are they sending e-mail at odd times that you’d reckon they would not be able to? Those would be possible signs that someone has infiltrated their account and is using it to target you. Last but not least, Kaspersky also advises the most immediate solution of all: an up to date malware solution. To find out more about the Naikon APT threat, swing by Kaspersky’s Securelist blog on securelist.com and their main site at kaspersky.com.
