Israeli company uncovers cyberattack on Vietnam, neighbors by China-linked group
A ransomware attack targeting government systems in Vietnam
and several neighboring countries has been discovered by an Israeli
cybersecurity firm.
Check Point Research said in a report last Thursday the
cyber espionage operation has been going on under the radar for years and is
connected to the Naikon Advanced Persistent Threat (APT) group, which cybersecurity
firms like Kaspersky, ThreatConnect and Defense Group exposed in 2015 as having
links to China.
The group's goal is to gather geo-political intelligence
from government entities in Vietnam, Australia, Indonesia, Thailand, Myanmar,
Brunei, and the Philippines. Its specific targets are ministries of foreign
affairs and of science and technology, as well as government-owned companies.
For instance, the group disguised one of its attacks as an
email sent from a government embassy in Asia Pacific to the Australian
government. Inside the malicious email was a file called "The Indians
Way.doc" containing the backdoor Trojan, Aria-body.
Check Point said the Trojan can "not only locate and
collect specific documents from infected computers and networks in government
departments, but also extract data from removable drives, take screenshots and
log keys, and of course harvest the stolen data for espionage."
Vietnamese cybersecurity company VSEC said Naikon still uses
the popular attack method of sending a decoy email with a malicious file. When
the victim opens the email, the computer automatically installs the malware,
helping hackers collect information, steal sensitive documents and attack other
computers in the same system and elsewhere.
Naikon also turns victims' malware-infected devices and
servers into command-and-control (C2) servers to launch new attacks targeting
other government agencies.
Truong Duc Luong, a VSEC cybersecurity expert, said Naikon's
return represents new threats to cybersecurity since it has likely silently
studied and developed new, sophisticated and more dangerous attacks during the
last five years when it was absent.
In the past, hacker group APT30 also used malicious software
to access computers "containing important political, economic and military
intelligence" in Asia, mainly Vietnam, Thailand, South Korea, Malaysia,
and India. The espionage campaign lasted 10 years before being discovered by
security company FireEye in 2015.
The Department of Information Security said in the first
four months of this year it recorded a total of 1,056 cyberattacks on Vietnam,
a 51.4 percent year-on-year drop.