THE MILLENNIAL SOURCE
What you should know about Aria-body, a backdoor hacking tool with ties to the Chinese military

by Joseph Lyttleton
May 17, 2020

Source: Bill Hinton Photography




On May 7, a leading team of cyber threat experts reported on a string of cyberattacks by Naikon APT, a group of hackers with ties to China’s military. 

The attack, directed at countries in the Asia Pacific (APAC) region, used a backdoor tool called “Aria-body.” The New York Times reported on the attack, which was initially discovered by an Israel-based cyber firm, Check Point.

This type of cyberattack, which can give hackers access to and even control of foreign government computer systems, is standard in the world of cyber espionage. Though the group behind this recently uncovered attack has ties to the Chinese government, cyberattacks have become a part of many countries’ arsenals, including the United States.

What is Aria-body?

Aria-body is what is known as a backdoor, a common hacking term for any tool that is used to gain access to a computer or server without using the traditional access points.

Backdoors are not merely used by hackers. An administrator or software creator may legitimately use one to repair or clean a system. They provide high-level access to a system and are often necessary for proper maintenance. However, when backdoors are used by hackers, they can give unauthorized users access to sensitive information, or even allow that person to control the system.

While a backdoor may be part of the original programming, hackers utilize different ways to plant their backdoor tools on a targeted computer or system. This is often done with what is known as a Remote Access Trojan (RAT).

Like the term “Trojan virus,” the name RAT is a reference to the Greek story of the Trojan Horse: a dangerous tool hidden inside a seemingly innocuous file. Trojan software of this type is a form of malware.

Backdoor tools can do different things, but Aria-body specifically is designed, according to Check Point, to gather “data on the victim’s machine, including: Host-name, computer-name, username, domain name, windows version, processor ~MHz, MachineGuid, 64bit or not, and public IP.”

What is Naikon APT?

The activities of Naikon APT, the Chinese-speaking group behind the Aria-body-based attack, have been tracked for years. In 2015, two cyber security groups, ThreatConnect and Defense Group Inc., released an extensive report on the group which, they claimed, was responsible for “targeted cyber espionage infrastructure activity.”

APT stands for Advanced Persistent Threat and can refer to any type of cyberthreat actor, though it is most often associated with state-backed groups.

The main actor in the report is Ge Xing, a hacker known as GreenSky27, who is alleged to be part of China’s official army, the People’s Liberation Army (PLA). Ge’s specific unit was the Chengdu Military Region Second Technical Reconnaissance Bureau, or simply Unit 78020.

This unit, which oversaw state-funded hacking initiatives, was found to be tied to the activities of Naikon APT.

Naikon APT, which first came to the broader attention of cyber security experts in June 2013, has, in the words of a ThreatPost analysis of the report, stolen “sensitive data and intellectual property from military, diplomatic and enterprise targets in a number of Asian countries, as well as the United Nations Development Programme and the Association of Southeast Asian Nations (ASEAN).”

Who were the most recent targets?

The targets of Naikon APT have by and large been localized to Southeast Asia and countries around the South China Sea. These countries are frequently grouped together as APAC, a geographically connected assortment of countries linked by international commerce and politics.

Check Point’s investigation of the latest Aria-body attack lists Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei as known targets. Within those targets, Naikon APT focused on hacking the systems of offices related to foreign affairs and science and technology. They also targeted government-owned companies.

According to Check Point, based on the target victims, “It is evident that the group’s purpose is to gather intelligence and spy on the countries whose Governments it has targeted.”

State-backed hackers

Hacking is an increasingly common tool of international conflict in the modern world. 

Nations like Russia, Syria and North Korea are frequently discussed in relation to this field, which generally involves cyber espionage and debilitating attacks. But these conventional adversaries of the US are hardly the only countries to utilize hackers.

In the 2000s, the United States teamed up with Israel to develop the Stuxnet virus to undermine Iran’s attempts to develop nuclear weapons. The development of the virus, which was confirmed by officials in the Obama Administration in 2012, was known by the codename “Olympic Games.”

While the recently reported evidence doesn’t suggest Naikon APT targeted any US entities, the current COVID-19 pandemic has created a perfect storm for state-backed hacking activities.

Wired reported that Google’s Threat Analysis Group had found state-sponsored hacking campaigns had targeted employees in the US government. Google has determined there are at least 12 state-sponsored groups using the current pandemic to send phishing emails to plant malware on the computers of unsuspecting recipients.

The hacker groups that targeted US employees reportedly sent emails that appeared to be from fast-food chains providing updates on their coronavirus response. The emails included fake coupons for free meals or links to malicious sites that were used to collect personal data.

Google says most of the emails were caught by spam filters, but some managed to still get through. There is no indication that any US government accounts were compromised by these latest coronavirus-related attacks.
