Kaspersky Lab: Targeted attacks on South Asian states

With activity ranging from setting up espionage infrastructure inside a target country for real-time connections and data mining to building espionage tools with 48 commands, the threat actor Naikon has successfully infiltrated national organizations in countries around the South China Sea over the last five years, according to research by Kaspersky Lab.

Kaspersky Lab's experts have found that the Naikon attackers appear to be of Chinese origin and that their primary targets are state agencies and political and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China.

Kaspersky Lab identified the following characteristics of Naikon's operations:

  • At least five years of aggressive activity with geopolitical goals, carried out at high intensity and against major organizations.
  • Each target country has a designated operator who exploits aspects of the local culture, such as the tendency to use personal accounts for work.
  • Placement of infrastructure (a proxy server) within the country's borders to provide day-to-day support for real-time connections and data mining.
  • Use of platform-independent code and the ability to monitor and intercept across the entire network.
  • 48 commands in the remote administration repertoire, including commands for taking a full inventory, capturing and uploading data, installing add-on modules, and working at the command line.

The Naikon cyber-espionage group was first mentioned by Kaspersky Lab in a recent report, titled "The Chronicles of Hellsing APT: Empire Attacks", where the actor played a key role in a unique story of counter-attack and revenge in the world of Advanced Persistent Threats (APT). Hellsing is another threat actor, one that decided to take revenge when it was hit by a Naikon attack.

"The criminals behind Naikon's attacks have managed to devise a very flexible infrastructure that can be set up in each target country and is able to channel information from victim systems to the administration center. With this infrastructure, if the attackers decided to chase another target in another country, they could simply create a new connection. The Naikon group's activity was also facilitated by the existence of managers who were committed to their specific set of objectives," said Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab's Worldwide Research and Analysis Group.

Naikon's targets are attacked using traditional spear-phishing techniques: emails carrying attachments designed to match the interests of the potential victim. An attachment might look like a Word document, for example, but it is actually an executable file with a double extension.
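A mail gateway or triage script can catch the double-extension attachments described above by comparing each attachment's name with its first bytes. The following is an added example, not code from Kaspersky Lab's report; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for this example; extend to match local policy.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY = {"doc", "docx", "rtf", "xls", "xlsx", "pdf", "txt", "jpg"}

def classify_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    # Strip whitespace around each component so padded names still match.
    parts = [p.strip().lower() for p in filename.split(".")]
    reasons = []
    if len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY:
        reasons.append(f"double extension .{parts[-2]}.{parts[-1]}")
    # Windows PE files start with "MZ" whatever the file name claims.
    if payload[:2] == b"MZ" and parts[-1] in DECOY:
        reasons.append(f"PE header under .{parts[-1]} name")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = classify_attachment(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged

def build_sample():
    """Constructed message: two disguised attachments and one benign one."""
    msg = EmailMessage()
    msg["Subject"] = "Meeting agenda (constructed sample)"
    msg.set_content("See attached.")
    samples = [("agenda.doc.exe", b"MZ\x90\x00"),      # name gives it away
               ("report.doc", b"MZ\x90\x00"),          # content gives it away
               ("minutes.v2.doc", b"\xd0\xcf\x11\xe0")]  # benign OLE document
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

Flagged attachments are candidates for quarantine or for detonation in a sandbox; a file named plainly `setup.exe` is outside this check and is better handled by a blanket block on executable attachments.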

Kaspersky Lab urges organizations to protect themselves from the Naikon espionage campaign by following some basic guidelines:

  • Do not open attachments and links from senders you do not know
  • Use an advanced anti-malware solution
  • If there are any doubts about an attachment, it is better to open it in a sandbox environment
  • Make sure the operating system is up to date, with all the necessary patches installed

Kaspersky Lab solutions protect users from this threat by identifying it with the "Automatic Exploit Prevention" feature. The threat is detected under the names "Exploit.MSWord.CVE-2012-0158", "Exploit.MSWord.Agent", "Backdoor.Win32.MsnMM", "Trojan.Win32.Agent" and "Backdoor.Win32.Agent".

More information about Naikon is available on the site Securelist.com.
