{"id":5772,"date":"2015-05-20T09:00:36","date_gmt":"2015-05-20T13:00:36","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5772"},"modified":"2020-02-26T15:11:09","modified_gmt":"2020-02-26T15:11:09","slug":"naikon-apt-south-china-sea","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/naikon-apt-south-china-sea\/5772\/","title":{"rendered":"Naikon APT steals geopolitical data from the South China Sea"},"content":{"rendered":"

The Chinese-language Naikon advanced persistent threat<\/a> group is targeting military, government and civil organizations located in and around the South China Sea, which is an increasingly contentious hot-bed of territorial disputes between various Southeast Asian nations.<\/p>\n

Like many APT campaigns, Naikon infects its victims with spear-phishing emails<\/a> in which malicious executables masquerade as seemingly relevant document attachments. When a victim open\u2019s one of these malicious attachments, a decoy document appears as an executable file quietly exploits an old Microsoft Office vulnerability, installing malware on the victim\u2019s machine.<\/p>\n

For five years, the APT group has employed cultural liaisons for each of its target countries. In this way, Naikon is able to exploit cultural tendencies, such as the reliance on personal email addresses to conduct business. Attackers exploited this reality by creating email addresses that appeared similar to those in actual use, which the attackers were able to leverage to send more affective phishing messages<\/a>.<\/p>\n

\n

Hellsing APT retaliates against Naikon attackers with own phishing ploy | http:\/\/t.co\/fah3HZ81Aj<\/a> pic.twitter.com\/QUwv6hvzVK<\/a><\/p>\n

\u2014 SC Media (@SCMagazine) April 15, 2015<\/a><\/p><\/blockquote>\n