Kaspersky Lab: Targeted attacks on South Asian states

With activities ranging from placing spying infrastructure within a country's borders for real-time connections and data mining to building espionage tools with 48 commands, the Naikon threat actor has successfully infiltrated national organizations in countries around the South China Sea over the last five years, according to research by Kaspersky Lab.

Kaspersky Lab's experts have found that the Naikon attackers appear to be of Chinese descent and that their primary targets are state-owned agencies and political and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China.

Kaspersky Lab identified the following features of Naikon's operations:

  • At least five years of aggressive, geopolitically motivated activity, carried out at high intensity and against major organizations.
  • Each target country has a designated administrator who exploits aspects of the local culture, such as the tendency to use personal accounts for work.
  • Placement of infrastructure (a proxy server) within the country's borders to provide day-to-day support for real-time connections and data mining.
  • Use of platform-independent code, and the ability to monitor and intercept across the network as a whole.
  • 48 commands in the remote management program's repertoire, including commands to perform a full inventory, download and send data, install add-on features, or work with the command line.

The Naikon digital espionage group was first mentioned by Kaspersky Lab in a recent report, titled "The Chronicles of Hellsing APT: Empire Attacks", in which the group played a key role in a unique story of counter-attack and revenge in the world of Advanced Persistent Threats (APT). The Hellsing group is another threat actor, one that decided to take revenge on the Naikon group for an attack.

"The criminals behind Naikon's attacks have managed to devise a very flexible infrastructure that can be set up in each target country, by being able to channel information from victim-systems to the administration center. With this infrastructure, if the attackers decided to chase another target in another country, they could simply create a new connection. Also, the Naikon group's activity was facilitated by the existence of managers who were committed to their specific set of objectives," said Kurt Baumgartner, Principal Research in Kaspersky Lab's Global Research and Analysis Group.

Naikon's targets are attacked using traditional spear-phishing techniques, via emails that carry attachments designed to match the potential victim's interests. The attachments could look like, say, a Word document, but were actually executables with a double extension.
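As a defensive illustration of the double-extension disguise described above, the following added example (not code from Kaspersky Lab or from this article) scans a mail message and flags attachments whose name ends in a document extension followed by an executable one, or whose content starts with the Windows executable magic bytes. The extension lists, function names and sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to your own mail policy.
DECOY_EXTS = {"doc", "docx", "rtf", "pdf", "xls", "xlsx", "ppt", "txt", "jpg"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}

def check_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    reasons = []
    # strip() so padding spaces around an extension do not defeat the match
    parts = [p.strip().lower() for p in filename.split(".")]
    is_exec_name = parts[-1] in EXEC_EXTS
    if len(parts) >= 3 and is_exec_name and parts[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    # Windows PE files start with the bytes 'MZ', whatever the name claims
    if payload[:2] == b"MZ":
        reasons.append("pe-content" if is_exec_name else "pe-content-name-mismatch")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = check_attachment(name, data)
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message: one disguised stub, one harmless file."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "analyst@example.org"
    m["Subject"] = "Meeting agenda"
    m.set_content("Please see the attached agenda.")
    stub = b"MZ" + b"\x00" * 62  # only the PE magic bytes, not a real program
    m.add_attachment(stub, maintype="application", subtype="octet-stream",
                     filename="agenda.doc.exe")
    m.add_attachment(b"plain notes", maintype="application", subtype="octet-stream",
                     filename="notes.v2.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, reasons)
```

Checking the content as well as the name matters because a renamed executable with a single document extension would pass a filename-only rule.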

Kaspersky Lab urges organizations to protect themselves from the Naikon espionage campaign by following some basic guidelines:

  • Do not open attachments and links from senders you do not know
  • Use an advanced anti-malware solution
  • If there are any doubts about an attachment, it is better to open it in a sandbox environment
  • Make sure the operating system is up to date, with all the necessary patches installed

Kaspersky Lab solutions protect users from this threat by detecting it with the "Automatic Exploit". The threat is detected under the names "Exploit.MSWord.CVE-2012-0158", "Exploit.MSWord.Agent", "Backdoor.Win32.MsnMM", "Trojan.Win32.Agent" and "Backdoor.Win32.Agent".

More information about Naikon is available on the site Securelist.com.


Written by Dimitris
