China’s military tied to debilitating new tool for cyberattacks
On the morning of Jan. 3, an email was sent from the Indonesian Embassy in Australia to a member of the premier of Western Australia’s staff who worked on health and ecological issues. Attached was a Word document that aroused no immediate suspicions, since the intended recipient knew the supposed sender.
The attachment contained an invisible cyberattack tool called Aria-body, which had never been detected before and had alarming new capabilities. Hackers who used it to remotely take over a computer could copy, delete or create files and carry out extensive searches of the device’s data, and the tool had new ways of covering its tracks to avoid detection.
Now a cybersecurity company in Israel has identified Aria-body as a weapon wielded by a group of hackers, called Naikon, that has been traced to the Chinese military.
And it was used against far more targets than the office of Mark McGowan, the premier of Western Australia, according to the company, Check Point Software Technologies, which released a report Thursday about the tool.
In the preceding months, Naikon also used it to hack government agencies and state-owned technology companies in Indonesia, the Philippines, Vietnam, Myanmar and Brunei, according to Check Point, which said the attacks underscored the breadth and sophistication of China’s use of cyberespionage against its neighbors.
“The Naikon group has been running a longstanding operation, during which it has updated its new cyberweapon time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific,” said Lotem Finkelstein, head of the cyberthreat intelligence group at Check Point.
What made these attacks so alarming, according to Check Point and other experts on Chinese cyberespionage, was the intrusive capabilities of Aria-body, the group’s new tool.
Aria-body could penetrate any computer used to open the file in which it was embedded and quickly make the computer obey the hackers’ instructions.
That could include setting up a secret, hard-to-detect line of communication by which data on the targeted computer would flow to servers used by the attackers.
It could replicate typing being done by the target user, meaning that had the Australia attack not been detected, the tool would have allowed whoever controlled it to see what a staff member was writing in the premier’s office in real time.
“We know that China is probably the single biggest source of cyberespionage coming into Australia by a very long way,” said Peter Jennings, a former Australian defense official who is executive director of the Australian Strategic Policy Institute.
Faced with such criticism in recent years, Beijing has maintained that it is opposed to cyberattacks of any kind and that the Chinese government and military do not engage in hacking for the theft of trade secrets.
China’s cyberespionage efforts have shown no sign of relenting globally and may be intensifying.