From setting up spying infrastructure within a country’s borders for real-time connections and data mining, to spying tools with 48 commands, a new report by Kaspersky Lab shows how the threat actor Naikon has spent the last five years successfully infiltrating national organisations around the South China Sea.
Experts have discovered that Naikon attackers appear to be Chinese-speaking and that their primary targets are top-level government agencies and civil and military organisations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, and Nepal.
Kaspersky Lab has identified the following hallmarks of Naikon operations:
- Each target country has a designated human operator, whose job it is to take advantage of cultural aspects of the country, such as a tendency to use personal email accounts for work;
- The placing of infrastructure (a proxy server) within the country’s borders to provide daily support for real-time connections and data exfiltration;
View original post 296 more words