🎭 Naikon APT Group is now using Nebulae Backdoor 🎭
_________________________________

Hey Learners, we are back with another awesome thing, and sorry about the break in the consistency of articles.

Naikon, a cyberespionage group from China, has been actively employing a new backdoor for multiple cyberespionage operations targeting military organizations in Southeast Asia. The backdoor, identified as Nebulae, is used for gaining persistence on infected systems.

What has been discovered?

Malicious activity was conducted by Naikon APT between June 2019 and March 2021.
▪️ At the beginning of its operation in 2019, the APT had used the Aria-Body loader and Nebulae as the first stage of the attack.
▪️ Starting September 2020, the APT group included the RainyDay backdoor in its toolkit, while the attribution to Naikon is based on C2 servers and artifacts utilized in its attacks.
▪️ The APT group now delivers RainyDay (aka FoundCore) as a first-stage payload to propagate second-stage malware and tools, including the Nebulae backdoor.

What is Nebulae?
☆ It has the ability to collect logical drive info, manipulate files and folders, download and upload files from and to the C2 server, and terminate/list/execute processes on infected devices.
☆ In addition, the malware adds a registry key that automatically runs the malicious code after login on system reboots. It is used as a backup access point to the victim in case of an adverse scenario for the actors.

Conclusion:
Naikon APT group has been running the operation silently for two years and has launched multiple cyberespionage operations. Moreover, the group has been active since 2010 and still poses a severe threat to several military organizations in Southeast Asia. Thus, security agencies and professionals need to keep a strict eye on this threat.
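The registry autorun persistence described above is the kind of thing a responder should be able to audit quickly. The following is an added example, not code from the original post or from any Naikon report: a Python triage script that parses a constructed `reg export`-style dump of the Run keys and flags entries worth a closer look (executables in user-writable folders, living-off-the-land hosts such as rundll32 loading a DLL from a user-writable folder, and binaries that borrow a Windows system process name outside the Windows directory). The post does not name the specific key or value Nebulae writes, so every key path, value name and file path below is an assumption chosen to illustrate the check, not an indicator from the campaign.

```python
import re

# Constructed sample in the text format produced by `reg export`.
# Paths and value names are invented for this example; they are not Naikon indicators.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"
"Helper"="rundll32.exe C:\\Users\\Public\\libs\\nb.dll,Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

# Only the autostart keys matter here; other exported keys are skipped.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\]$", re.IGNORECASE)
# A .reg string value line: "name"="value", with \" and \\ escapes inside.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristics (triage hints, not a security boundary).
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|users\\public|programdata|downloads)\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
LOLBIN_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "powershell.exe", "cmd.exe", "msiexec.exe"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
# Known-good autostarts that legitimately live under AppData; extend per environment.
KNOWN_GOOD = [re.compile(r"\\appdata\\local\\microsoft\\onedrive\\onedrive\.exe$", re.IGNORECASE)]


def _unescape(s):
    """Undo .reg escaping: each backslash-escaped character stands for itself."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_entries(reg_text):
    """Return [{'key', 'name', 'command'}] for string values under Run/RunOnce keys."""
    entries, current_key, in_run_key = [], None, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            in_run_key = bool(RUN_KEY_RE.search(line))
            continue
        if not in_run_key:
            continue
        m = VALUE_RE.match(line)
        if not m:  # blank lines, hex/dword values, or the header
            continue
        entries.append({"key": current_key,
                        "name": _unescape(m.group(1)),
                        "command": _unescape(m.group(2))})
    return entries


def split_command(cmd):
    """Split an autostart command into (executable, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()


def assess(entry):
    """Return the list of reasons an autostart entry deserves analyst attention (empty if none)."""
    exe, args = split_command(entry["command"])
    exe_name = exe.rsplit("\\", 1)[-1].lower()
    if any(p.search(exe) for p in KNOWN_GOOD):
        return []
    reasons = []
    if USER_WRITABLE.search(exe):
        reasons.append("executable in user-writable location")
    if exe_name in LOLBIN_HOSTS:
        reasons.append(f"living-off-the-land host {exe_name}")
        if USER_WRITABLE.search(args):
            reasons.append("host loads payload from user-writable location")
    if exe_name in SYSTEM_NAMES and not WINDOWS_DIR.match(exe):
        reasons.append(f"system binary name {exe_name} outside Windows directory")
    return reasons


def triage_run_keys(reg_text):
    """Parse a reg export and return only the autostart entries that raised a reason."""
    findings = []
    for entry in parse_run_entries(reg_text):
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_REG_EXPORT):
        print(f"{f['key']}\\{f['name']}: {f['command']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On a live host you would feed the script the output of `reg export` for both the HKCU and HKLM Run and RunOnce keys; the heuristics are deliberately conservative triage hints, and the `KNOWN_GOOD` list exists only to keep obvious false positives such as OneDrive out of the way, not to clear anything an attacker could place there.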