A new report by Kaspersky Lab shows how the threat actor Naikon has spent the last five years successfully infiltrating national organizations around the South China Sea.
Experts said they have discovered that Naikon attackers appear to be Chinese-speaking and that their primary targets are top-level government agencies and civil and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, and Nepal.
The report charts five years of cyberespionage targeting government, military and civil organizations around the South China Sea, from setting up spying infrastructure within a country’s borders for real-time connections and data mining to the use of spying tools with 48 commands.
It identified the following hallmarks of Naikon operations:
* Each target country has a designated human operator, whose job it is to take advantage of cultural aspects of the country, such as a tendency to use personal email accounts for work;
* The placing of infrastructure (a proxy server) within the country’s borders to provide daily support for real-time connections and data exfiltration;
* At least five years of high-volume, high-profile, geopolitical attack activity;
* Platform-independent code, and the ability to intercept all network traffic;
* 48 commands in the repertoire of the remote administration utility, including commands for taking a complete inventory, downloading and uploading data, installing add-on modules, or working with the command line.