
Locked Naikon APT Group is now using Nebulae Backdoor


dEEpEst


🎭 Naikon APT Group is now using Nebulae Backdoor 🎭

_________________________________

Hey Learners, we are back with another awesome thing, and sorry about discontinuing the consistency of articles.

Naikon, a cyberespionage group from China, has been actively employing a new backdoor for multiple cyberespionage operations targeting military organizations in Southeast Asia. The backdoor, identified as Nebulae, is used for gaining persistence on infected systems.

What has been discovered?

Naikon APT conducted malicious activity between June 2019 and March 2021.

▪️At the beginning of its operation in 2019, the APT had used the Aria-Body loader and Nebulae as the first stage of the attack.

▪️Starting September 2020, the APT group included the RainyDay backdoor in its toolkit, while the attribution to Naikon is based on C2 servers and artifacts utilized in its attacks.

▪️The APT group now delivers RainyDay (aka FoundCore) as a first-stage payload to propagate second-stage malware and tools, including the Nebulae backdoor.

What is Nebulae?

☆It has the ability to collect LogicalDrive info, manipulate files and folders, download and upload files from and to the C2 server, and terminate/list/execute processes on infected devices.

☆In addition, the malware adds a registry key that automatically runs the malicious code after login whenever the system reboots. It serves as a backup access point to the victim in case of an adverse scenario for the actors.

Conclusion:
The Naikon APT group has been running the operation silently for two years and has launched multiple cyberespionage operations. Moreover, the group has been active since 2010 and still poses a severe threat to several military organizations in Southeast Asia. Thus, security agencies and professionals need to keep a close eye on this threat.

 
