Israeli firm says Chinese cyber-espionage tool used to spy on governments

Tel Aviv-based Check Point says Aria-body, by hacker group tied to Chinese military, is highly advanced and hard to detect

A computer screen with program code warning of a detected malware script program. (solarseven via iStock)
An Israeli cybersecurity firm has identified a new and highly dangerous Chinese cyber-espionage tool that it says has been used to target governments around the world, The New York Times reported on Thursday.

Tel Aviv-based Check Point Software Technologies says that the tool, dubbed Aria-body, has recently been used in cyberattacks against Australia, Indonesia, Vietnam and other regional nations by Naikon, a hacking group linked to the Chinese military.

It was discovered after it was used to target a worker in Australian Prime Minister Scott Morrison’s office.

Naikon has been described by Russian cybersecurity firm Kaspersky as having conducted “at least five years of high volume, high profile, geo-political attack activity” targeting “top-level government agencies and civil and military organizations” in countries around the South China Sea.

In this April 12, 2018, file photo released by Xinhua News Agency, Chinese President Xi Jinping, left, speaks after he reviewed the Chinese People’s Liberation Army (PLA) Navy fleet in the South China Sea. (Li Gang/Xinhua via AP, File)

Check Point’s Lotem Finkelstein told The Times: “The Naikon group has been running a longstanding operation, during which it has updated its new cyberweapon time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific.”

According to Check Point, Aria-body, which gains access to targets by piggybacking on Microsoft Word documents and other innocuous files, allows its users to remotely operate victims’ computers, searching for files and sending back data undetected. It also contains a keylogger that allows hackers to read what a computer user is writing in real time. Aria-body can also be remotely configured to change its appearance between attacks.

“Throughout our research we found that the group adjusted its signature weapon to search for specific files by names within the compromised ministries,” Finkelstein said.

“This fact alone strengthens the understanding that there was a significant, well-thought infrastructure and pre-operation intelligence collection.”

Many Western nations have expressed strong opposition to China’s aggressive hacking, which has led to widespread suspicion of technology firms operating out of the authoritarian country.

Researchers at the offices of Check Point Software Technologies in Tel Aviv, December 3, 2018 (Shoshanna Solomon/Times of Israel)

Relations between China and Australia have been strained by Australia’s outlawing of covert foreign interference in politics and institutions. China is particularly angry that Australia has banned Chinese communications giant Huawei from involvement in critical infrastructure on security grounds. Huawei has become the target of US security concerns because of its ties to the Chinese government.

In January, Check Point announced that it had found flaws in the popular Chinese social media app TikTok which left it vulnerable to hacking attacks that could expose personal details.

That app, which is popular worldwide, had previously been banned by Israel’s Border Police, which warned that officers uploading videos to the app from police installations or operations could compromise Israel’s security. In December 2019, the US Army banned TikTok following warnings by the Pentagon and US lawmakers. The US Navy did the same two weeks earlier.
