High-level, state-sponsored Naikon hackers exposed

The activities of yet another long-running apparently state-sponsored hacking crew have finally been exposed. The Naikon cyber-espionage group has been targeting government, military and civil organisations around the South China Sea for at least five years, according to researchers at Kaspersky Lab. The Naikon attackers …

  1. Ole Juul

    over and over and over

    The group relies on standard cyber-spy tactics: custom malware and spear phishing featuring emails carrying attachments designed to be of interest to the potential victim.

    How is it possible for a foreigner, or even a local with good language skills, to craft an e-mail that would look like an appropriate thing to click on? Are government employees not told about this kind of threat? Surely if they're even hire-able in the first place they can tell departmental business from garbage.

    1. omnicent

      Re: over and over and over

      Did you not read the article..?

      Dedicated human operator per region - Humans can learn stuff about stuff (also the article linked mentions using open-source or stolen internal docs to build templates)

      Targeting cultures where personal emails are used for work - i.e. lax places...

    2. Anonymous Coward

      Re: over and over and over

      "Surely if they're even hire-able in the first place they can tell departmental business from garbage."

      If, as the article suggests, they're highly placed government workers, they will be expected to be up to speed with goings on in local and foreign politics, what the press are saying, and the output of numerous external analysts and think tanks. If you routinely receive unsolicited external emails with work-related attachments then you're going to be vulnerable to clicking on something that looked credible, but has a payload. You could have a rule that bans opening attachments (or even have the mail server delete them automatically), but it then creates a very embarrassing problem when the head honcho screams "why wasn't I aware of X?", and the answer is "because the IT people deleted the documents which would have told us about X".

      You'd have thought that any competent IT department would be able to strip out commodity grade malware, but dealing with a state sponsored hacking team, there's every chance that they could be using zero day exploits against which your defences are weak. Defending against state sponsored hacking is always going to be very difficult.

    3. Mark 85

      Re: over and over and over

      Happens in every country with even normal citizens. Think "Nigerian Scam" and others. People just assume that email in their inbox is for them. At work, it's obviously important email for them. If people were as you think, there would be a whole bunch of us IT Support types out of work because our users wouldn't click on this kind of stuff.

    4. Anonymous Coward

      Re: Surely if they're even hire-able

      You're thinking badly. Last big breach here was obvious spam, but some near six-figure salary guy opened it anyway. Yeah, you sorta read about it in the papers,* but it was mostly hidden from view given the size of the breach and what was at risk. Yep, it came in an email. Yep, it was a link to a document. Yep, it was an HR type thing that was sent to non-HR type people. I think it even had an obvious misspelling (I barely eked out C+'s in that subject and live by my spell checker [like now when I initially typed "eeked"] and I noticed it) in a one sentence body.

      *No, it wasn't US national defense, but given what it was and the interest in certain topics by certain editors here at El Reg, if what it was had actually been disclosed, I'm pretty sure it would have made at least two headlines (Yeah, I'm looking at Lewis and his counterpart Andrew. Yeah, comments probably would have gone 300+ on each article.).

  2. Trollslayer

    Who do they think they are?

    The NSA?

  3. frank ly

    an executable file with a double extension.

    Otherwise known as an executable file with a name that might fool people who don't have a clue, such as those working in government, military and other nationally important organisations. How much effort would it take to train people about this?

    1. Paul Crawford

      Re: an executable file with a double extension.

      Are systems still not filtering this stupid (but obviously effective) trick some 20 years after the dumbness was first noticed?

      Strewth, as our antipodean cousins might say.

    2. Peter2

      Re: an executable file with a double extension.

      Very little.

      But how much effort would it take to strip .exe files off of emails at the gateway? Even if your firewall doesn't support it, you can implement this via free software such as Xeams.

      And how much effort would it take to put a Software Restriction Policy in place that simply prevents users from running executables outside of %program files%? (this also hinders people posting you viruses on USB etc)

      The answer to both of those questions is "very little" as well. It'd also be free, since the tools for the first can be used for nothing, and the tools for the second are built into Windows. It'd also annihilate an entire family of attacks.

      This would however require that the responsible admins actually do more than "very little" to harden their network. Just doing an out of the box install and then installing some form of AV on your endpoints and declaring the network "secure" is not really good enough these days.
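The gateway filter discussed in this comment and the "double extension" trick raised in the parent post, as an added example that is not from the article, the commenters or any named product: a small Python attachment check that parses a MIME message, flags executable extensions and the "minutes.doc.exe" pattern, and runs on a constructed sample message. The extension list and the sample addresses are assumptions.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Extensions Windows will run directly on double-click. Assumption: a reasonable
# default list, not the one any particular gateway product ships with.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}


def attachment_verdict(filename):
    """Return (blocked, reason) for one attachment filename."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return False, "no extension"
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        # 'report.doc.exe': a harmless-looking inner extension hides the real one.
        # Splitting on dots also defeats whitespace padding ('invoice.pdf   .exe').
        if len(parts) > 2:
            return True, f"double extension ending in .{ext}"
        return True, f"executable extension .{ext}"
    return False, "allowed"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and return (filename, blocked, reason) per attachment."""
    msg = message_from_bytes(raw_bytes, policy=default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        blocked, reason = attachment_verdict(name)
        findings.append((name, blocked, reason))
    return findings


def build_sample():
    """Constructed sample: one disguised executable and one legitimate PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # constructed address
    msg["To"] = "recipient@example.invalid"     # constructed address
    msg["Subject"] = "Meeting minutes"
    msg.set_content("Minutes from yesterday attached.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="minutes.doc.exe")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="agenda.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, blocked, reason in scan_message(build_sample()):
        print(f"{name}: {'BLOCK' if blocked else 'pass'} ({reason})")
```

A real deployment would also inspect content type and file magic rather than trusting the filename alone, which is exactly the gap a double extension exploits.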

    3. Robert Helpmann??

      Re: an executable file with a double extension.

      How much effort would it take to train people about this?

      It isn't so much an issue of how much effort it takes to train people. It's more accurately the amount of effort needed to get people to consistently follow the training. This seems to be the social equivalent to a physical object achieving the speed of light. You can put more and more energy into it and get closer and closer to the goal, but never get there.

    4. Big-nosed Pengie

      Re: an executable file with a double extension.

      But surely they'd see the double extension and...oh...wait...Windows users.

      But surely they wouldn't allow important systems to run unapproved exe files and...oh...wait...Windows users.

      A pattern is starting to emerge.

  4. silent_count

    "Naikon has developed platform-independent code [...] "

    Yeah right! It's on the desk over there, next to the perpetual motion device. Unless... maybe the reason Kaspersky is reluctant to implicate a country is because that would be secondary to implicating the Naikon crew's home planet. ----->

    1. Anonymous Coward

      You mean... the French?
