An Israeli cybersecurity firm has identified a new and highly dangerous Chinese cyber-espionage tool that it says has been used to target governments around the world, The New York Times reported on Thursday.
Tel Aviv-based Check Point Software Technologies says that the tool, dubbed Aria-body, has recently been used in cyberattacks against Australia, Indonesia, Vietnam and other regional nations by Naikon, a hacking group linked to the Chinese military.
It was discovered after it was used to target a worker in Australian Prime Minister Scott Morrison’s office.
Naikon has been described by Russian cybersecurity firm Kaspersky as having conducted “at least five years of high volume, high profile, geo-political attack activity” targeting “top-level government agencies and civil and military organizations” in countries around the South China Sea.
Check Point’s Lotem Finkelstein told The Times: “The Naikon group has been running a longstanding operation, during which it has updated its new cyberweapon time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific.”
According to Check Point, Aria-body, which gains access to targets by piggybacking on Microsoft Word documents and other innocuous files, allows its users to remotely operate victims’ computers, searching for files and sending back data undetected. It also contains a key-logger which allows hackers to read what a computer user is writing in real-time. Aria-body can also be remotely configured to change its appearance between attacks.
“Throughout our research we found that the group adjusted its signature weapon to search for specific files by names within the compromised ministries,” Finkelstein said.
“This fact alone strengthens the understanding that there was a significant, well-thought infrastructure and pre-operation intelligence collection.”
Many Western nations have expressed strong opposition to China’s aggressive hacking, which has led to widespread suspicion of technology firms operating out of the authoritarian country.
Relations between China and Australia have been strained by Australia’s outlawing of covert foreign interference in politics and institutions. China is particularly angry that Australia has banned Chinese communications giant Huawei from involvement in critical infrastructure on security grounds. Huawei has become the target of US security concerns because of its ties to the Chinese government.
In January, Check Point announced that it had found flaws in the popular Chinese social media app TikTok which left it vulnerable to hacking attacks that could expose personal details.
That app, which is popular worldwide, had previously been banned by Israel’s Border Police, which warned that officers uploading videos to the app from police installations or operations could compromise Israel’s security. In December 2019, the US Army banned TikTok following warnings by the Pentagon and US lawmakers. The US Navy did the same two weeks earlier.