China is a hot spot for Advanced Persistent Threat groups (APTs) of both the criminal and government (or hybrid) variety. China-based APT routinely pull off extremely skillful attacks against entities using a variety of methods and means that is truly impressive. These attacks are usually reported when they occur against Western nations, however, the Chinese APTs don’t limit themselves geographically and will happily go after any target of opportunity. This includes the governments of the other Asia-Pacific countries, such as Australia, Vietnam, Thailand, and others which have found themselves in the sights of Naikon.
A long-term, multi-year attack has been underway against these various governments, with the goal of gaining access and gather intelligence data. These attacks rely on tried-and-true methods, such as phishing to establish a universe of targets and identify weak points followed up by a spear-phishing campaign to leverage known information and exploit openings.
From there infected devices are used to dig deeper into target networks and increase the resistance of the attack to removal. Naikon’s origins, funding, and motivations are not well-known at the moment, with the group first garnering attention in 2015 with a report by ThreatConnect which linked them to the People’s Liberation Army (PLA) of China. While this report has not been verified by other cyber researchers, it wouldn’t be surprising if Naikon is supported by or actually a part of the PLA. Other APTs such as UNIT 61398 (the Comment Crew) UNIT 61486 (Putter Panda) are recognized legitimately part of the PLA and some, such as Red Apollo, are backed by other parts of the Chinese government. Government-backed APTs are the norm, rather than the exception, and every nation maintains one or more APT groups. The United State’s NSA has the “Equation Group” which operates in total secrecy, to the point that a leaked report by the CIA was still working to determine who was a member of it.
