Once designated by the Ministry as being responsible for anti-espionage work, entities must vet and train personnel, particularly ahead of any foreign trips, after which they must be debriefed about any national security issues – essentially treating a broad range of bodies, including potentially universities and private businesses, as if they are sensitive government agencies. The regulations create new responsibilities for a host of bodies – including “social groups, enterprises and public institutions” – to keep a watch out for and prevent foreign espionage activity.

This includes locating and collecting specific documents from infected computers and networks, but also extracting data from removable drives, and taking screenshots and keylogging.

China is stepping up anti-espionage activities amid worsening ties with the United States and a renewed focus on national security ahead of a key Communist Party anniversary later this year.

Announcing the new regulations Monday, state news agency Xinhua quoted a senior official at the Ministry of State Security as saying “overseas espionage and intelligence agencies and hostile forces have intensified infiltration into China, and broadened their tactics of stealing secrets in various ways and in more fields, which poses a serious threat to China’s national security and interests.”

“Its purpose,” Check Point says, “is to gather intelligence and spy on the countries whose governments it has targeted.” The Aria-body RAT can be instructed to create or delete files or entire directories, take screenshots, search across files and gather metadata, and even log locations and keystrokes. Once executed, the loader establishes itself in the startup folder or registry of the infected machine, and then downloads a more malicious remote access trojan (RAT) from its external server, before decrypting and installing it on the machine.
“In one example, a server used in attacks belonged to the Philippine Government’s Department of Science and Technology.”

At the heart of Naikon’s campaign was the “Aria-body” loader, a malware dating back to 2017 that is designed to open a backdoor to the APT’s command and control servers. The crafted subject matters then had specifically targeted individuals in mind.

Sitting inside the trusted ecosystem, those emails would slip the security nets. The campaign discovered by Check Point includes the sophisticated cyber weapon able to compromise government systems, but also an extensive intelligence operation that determined targets and crafted the lures that baited emails being sent from one government entity to another.

“Check Point researchers have now blown Naikon’s cover,” the firm has said, “confirming that the group has not only been active for the past five years, but has also accelerated its cyber espionage activities. Naikon’s primary method of attack is to infiltrate a government body, then use that body’s contacts, documents and data to launch attacks on others, exploiting the trust and diplomatic relations between departments and governments to increase the chances of its attack succeeding.” And given the highly charged regional politics with China’s constant battle for influence and defensive superiority, playing neighbours with a mix of belt and road carrot and militaristic stick, this is notable.

“This is usually associated with nation states that want to rewind faulty actions and remove traces,” Check Point explains. The ability to target a weapon at specific files on a specific individual’s machine in a specific government ministry can be a collection or deletion tool.

Use of Philippine government server by malware.