The infamous advanced persistent threat hacking group known as Naikon is actually China’s PLA Unit 78020, and a military intelligence expert there has been traced to the attacks via his social media and other activity.
Add one more contentious cyberattack issue to the mix for tomorrow’s meeting in Washington, D.C. between President Obama and Chinese president Xi Jinping: researchers have identified a member of a Chinese military unit that they say is behind an infamous cyber espionage attack campaign against governments in Asia as well as the United Nations.
Researchers from ThreatConnect and Defense Group Inc. (DGI) today published a report detailing their findings that China’s People’s Liberation Army Unit 78020 is the body behind the infamous Naikon advanced persistent threat group, known for attacking military, diplomatic, and economic targets in Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, Thailand, Vietnam, the UN Development Programme, and the Association of Southeast Asian Nations (ASEAN). The five-year hacking campaign has targeted key individuals in those regions and organizations, all in the name of stealing information in its efforts to gain control of the strategic South China Sea. China is trying to reclaim islands in the oil-rich and highly strategic South China Sea.
The researchers outed the People’s Liberation Army Chengdu Military Region (MR) Second Technical Reconnaissance Bureau (TRB) Military Unit Cover Designator (MUCD) 78020 as the perpetrator of the attack campaign after discovering the activity of a PLA officer in that unit named Ge Xing. Ge’s name is tied to one of the command-and-control domains associated with the attacks, as is his location of Kunming. The “greensky27.vicp.net” domain was found in Naikon’s malware and the owner of the C2 domain in question was “GreenSky27,” which they traced to Ge.