10 May 2020

Chinese Military Cyber Spies Just Caught Crossing A ‘Very Dangerous’ New Line

Zak Doffman

“This is the most extensive operation we have ever reported by a Chinese APT group,” the cyber researchers at Check Point told me, warning just how “targeted and sophisticated” this five-year campaign had been. Multiple overseas governments have been compromised by this threat group’s cyber weapons, and those government systems have been used to attack other countries.

The military espionage group’s tactics, described by Check Point as “very dangerous,” involved hijacking diplomatic communication channels to target specific computers in particular ministries. The malware-laced communications might be sent from an overseas embassy to ministries in its home country, or to government entities in its host country. “The group has introduced a new cyber weapon crafted to gather intelligence on a wide scale, but also to follow intelligence officers’ directives to look for a specific filename on a specific machine.”

Meet Naikon, a cyber reconnaissance unit with links to the People’s Liberation Army, outed in a ThreatConnect and Defense Group Inc. report in 2015. Back then, the group’s operations were described as “regional computer network operations, signals intelligence, and political analysis of the Southeast Asian border nations, particularly those claiming disputed areas of the energy-rich South China Sea.”

And while Naikon has been seemingly quiet since then, nothing has changed. Check Point told me that it has actually been “penetrating diplomats’ PCs and taking over ministerial servers—making the group very successful in gathering intelligence from high-profile personnel and able to control critical assets.” The regional focus is the same. During those five years, Naikon’s cyber weapons have targeted Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei.


Naikon’s stepping-stone approach, compromising one government to reach others, paints a clear picture of its sophistication here—this is beyond obfuscated false-flag operations. Check Point’s own investigation was triggered when “we observed a malicious email sent from a government embassy in APAC to the Australian government.” That RTF document was infected with ‘RoyalRoad’ malware, coded to drop files onto the infected computer which would then download others.


Check Point reported on this same exploit approach, also attributed to a Chinese APT, back in March—a number of documents disguised as coronavirus health warnings, purporting to come from the Mongolian government and targeting other public sector organizations inside the country. That exploit may have been similar, but the level of tradecraft was nowhere close to Naikon’s campaign.

“This is very sophisticated,” Check Point warns. “We saw [Naikon] spreading their malware through diplomatic emails between embassies and foreign governments to avoid detection of their communication with external, potentially malicious servers. They even took control of ministerial servers and turned them to their own.”

[Figure: Use of Philippine government server by malware. Credit: Check Point]

The ability to target a weapon at specific files on a specific individual’s machine in a specific government ministry can be a collection or deletion tool. “This is usually associated with nation states that want to rewind faulty actions and remove traces,” Check Point explains. And given the highly charged regional politics with China’s constant battle for influence and defensive superiority, playing neighbours with a mix of belt and road carrot and militaristic stick, this is notable.


“Check Point researchers have now blown Naikon’s cover,” the firm has said, “confirming that the group has not only been active for the past five years, but has also accelerated its cyber espionage activities. Naikon’s primary method of attack is to infiltrate a government body, then use that body’s contacts, documents and data to launch attacks on others, exploiting the trust and diplomatic relations between departments and governments to increase the chances of its attack succeeding.”

The campaign discovered by Check Point includes the sophisticated cyber weapon able to compromise government systems, but also an extensive intelligence operation that determined targets and crafted the lures that baited emails being sent from one government entity to another. Sitting inside the trusted ecosystem, those emails would slip the security nets. The crafted subject matters then had specifically targeted individuals in mind. “In one example, a server used in attacks belonged to the Philippine Government’s Department of Science and Technology.”

At the heart of Naikon’s campaign was the “Aria-body” loader, a malware dating back to 2017 that is designed to open a backdoor to the APT’s command and control servers. Once executed, the loader establishes itself in the startup folder or registry of the infected machine, and then downloads a more malicious remote access trojan (RAT) from its external server, before decrypting and installing it on the machine.

The Aria-body RAT can be instructed to create or delete files or entire directories, take screenshots, search across files and gather metadata, and even log locations and keystrokes. “Its purpose,” Check Point says, “is to gather intelligence and spy on the countries whose governments it has targeted. This includes locating and collecting specific documents from infected computers and networks, but also extracting data from removable drives, and taking screenshots and keylogging.”

[Figure: Aria-body using checkip.amazonaws.com to get… Credit: Check Point]
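A defender-side sketch of the loader behaviour described above, added here as an example (not code from Check Point or from this article): it flags a process that both sets autorun persistence (startup folder or Run key) and looks up checkip.amazonaws.com. The events are a constructed, simplified Sysmon-style sample; the hosts, paths, process names and the 30-minute window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified Sysmon-style events (IDs 11 FileCreate, 13 registry
# value set, 22 DNS query). Hosts, paths and process names are made up.
EVENTS = [
    {"ts": "2020-05-07T09:00:01", "host": "WS-014", "id": 11,
     "Image": r"C:\Users\a\AppData\Local\Temp\upd.exe",
     "TargetFilename": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"ts": "2020-05-07T09:00:09", "host": "WS-014", "id": 22,
     "Image": r"C:\Users\a\AppData\Local\Temp\upd.exe",
     "QueryName": "checkip.amazonaws.com"},
    {"ts": "2020-05-07T09:30:00", "host": "WS-020", "id": 22,
     "Image": r"C:\Program Files\VpnClient\vpn.exe",
     "QueryName": "checkip.amazonaws.com"},   # IP lookup alone: not flagged
    {"ts": "2020-05-07T10:00:00", "host": "WS-031", "id": 13,
     "Image": r"C:\ProgramData\svc\host32.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\host32"},
    {"ts": "2020-05-07T18:45:00", "host": "WS-031", "id": 22,
     "Image": r"C:\ProgramData\svc\host32.exe",
     "QueryName": "checkip.amazonaws.com"},   # outside the window: not flagged
]

WINDOW = timedelta(minutes=30)          # assumed correlation window
IP_CHECK_HOSTS = {"checkip.amazonaws.com"}

def is_autorun_write(ev):
    """True if the event sets startup-folder or Run-key persistence."""
    if ev["id"] == 11:
        return "\\start menu\\programs\\startup\\" in ev["TargetFilename"].lower()
    if ev["id"] == 13:
        return "\\currentversion\\run" in ev["TargetObject"].lower()
    return False

def is_ip_check(ev):
    """True if the event is a DNS query for a public-IP lookup service."""
    return ev["id"] == 22 and ev["QueryName"].lower().rstrip(".") in IP_CHECK_HOSTS

def correlate(events, window=WINDOW):
    """Return sorted (host, image) pairs that did both within `window`."""
    persist, lookups = defaultdict(list), defaultdict(list)
    for ev in events:
        key = (ev["host"], ev["Image"].lower())
        when = datetime.fromisoformat(ev["ts"])
        if is_autorun_write(ev):
            persist[key].append(when)
        elif is_ip_check(ev):
            lookups[key].append(when)
    return sorted(k for k in persist
                  if any(abs(p - q) <= window for p in persist[k] for q in lookups[k]))

if __name__ == "__main__":
    for host, image in correlate(EVENTS):
        print(f"{host}: {image} set autorun persistence and queried an IP-check service")
```

Neither signal is suspicious alone, since installers write Run keys and VPN clients query IP-check services; the value is in the pairing by the same process on the same host.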

Check Point attributed the campaign to Naikon based on similarities between the code in these exploits and those reported back in 2015. “We’ve published this research as a warning and resource for any government entity to better spot Naikon’s or other hacker group’s activities,” the firm’s Lotem Finkelsteen said on publishing his team’s findings.

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection…
