Cyber attack on WA government
International reports say a cyber spy group tried to install a backdoor in the Western Australian Department of Premier and Cabinet’s computers.
Naikon’s existence has been known for several years, but it has been almost silent since 2015. Experts suggest the group has since increased its emphasis on stealth.
But Naikon is now making headlines again, with a recent campaign attempting the takeover of a diplomat’s computer.
“Our investigation started when we observed a malicious email sent from a government embassy in APAC to an Australian state government,” the security firm Check Point said.
The email contained a ‘weaponised’ RTF file attachment.
Reports say the attacker “was able to take over the computer used by an Indonesian diplomat at the embassy in Canberra.”
“The hacker found a document that the diplomat was working on, completed it and then sent it to the staff member in the Western Australian [Department of Premier and Cabinet] office,” according to the New York Times.
If the recipient had opened the altered document, a backdoor called Aria-body would have been installed, allowing outsiders to take control of the victim’s computer.
Check Point says the only reason this did not happen was because the hacker sent the email to a wrong address in the department, causing a bounceback.
“The transmission aroused suspicion that something in the original message was fishy, the authors of Check Point’s report wrote. That prompted the investigation that revealed the attempted attack - and its novel weapon,” the New York Times story states.
Check Point Research says Naikon has targeted “several national government entities” in Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei.
“The targeted government entities include ministries of foreign affairs, science and technology ministries, as well as government-owned companies,” it said.
“Interestingly, the group has been observed expanding its footholds on the various governments within APAC by launching attacks from one government entity that has already been breached, to try and infect another.”