How China ‘used Word document to launch potentially devastating cyber-attack’ on Scott Morrison

Chinese hackers have reportedly attempted a potentially devastating and highly sophisticated cyber-attack on Scott Morrison’s office.

Cyber-security company Check Point said the hackers – known as Naikon – targeted a worker in the Prime Minister’s office using a file which appeared to be an innocuous Microsoft Word document. 

The attachment contained an invisible cyber-attacking tool which allows the hackers to remotely access victims’ computers and copy information undetected, according to The New York Times.

The data intelligence experts from Israel did not claim Naikon was directly linked to the Chinese government – but a US cyber-security firm in 2015 said the group was a unit of The People’s Liberation Army, the official name of China’s armed forces. 

Chinese soldiers during a march in Beijing in October 2019. A new report has claimed a Chinese hacking group – which has previously been linked to the country’s armed forces – carried out a cyber attack on the Australian prime minister

Mr Morrison is pictured speaking to the media on April 21. His office has claimed there is no evidence of an attack taking place - but the report's author Check Point said the cyber-attack is so sophisticated and dynamic it is invisible to the victim


The Prime Minister’s office said on Thursday it had not found evidence of the attack which was uncovered by the Times. 

‘The Department of the Prime Minister and Cabinet, which manages ICT within the Prime Minister’s Office, has advised there is no evidence of such an incident,’ Mr Morrison’s office said in a statement after the report was published yesterday.

The spokesman said there were ‘robust cyber security arrangements in place to protect the networks of the prime minister’s office’. 

But Check Point claims the technology – called ‘Aria-body’ – is so sophisticated it is untraceable and can change its appearance between attacks to stay undetected. 

The malicious email typically comes from a trusted source in the form of another government official – a hacking technique known as ‘spear-phishing’. 

Check Point claims Naikon have targeted not only the Australian government but countries across the Asia-Pacific including Indonesia, Vietnam, Thailand and the Philippines. 

Security researchers first detected Naikon that year, but Check Point said the hackers ‘slipped off the radar’ until they escalated their activities in 2019 and 2020.

The Chinese government has consistently denied being behind cyber-attacks or targeting other countries’ intelligence networks to steal trade secrets.

But American former diplomat Matthew Brazil said cyber-espionage attacks were becoming increasingly focused on stealing data from foreign governments.

‘This may be different in design, but these attacks all have the same purpose,’ he told the Times.

Pictured: The Check Point Software Technologies headquarters in Tel Aviv. The attack's sophisticated technology was disguised as a Word document, the report claimed


Pictured: Check Point Software Technologies founder and CEO Gil Shwed in 2017 at an event in Tel Aviv


The chief of the Israeli firm’s cyberthreat intelligence group Lotem Finkelstein said the group was constantly upgrading its hacking software to gain access to sensitive government documents.

‘The Naikon group has been running a longstanding operation, during which it has updated its new cyberweapon time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific,’ he said.

‘What drives them is their desire to gather intelligence and spy on countries, and they have spent the past five years quietly developing their skills and introducing a new cyber-weapon with the Aria-body backdoor.’ 

China's President Xi Jinping on a screen during the 2019 World Internet Conference. Beijing has consistently denied being behind attempts to hack into other countries' IT networks


The potential cyber attack comes amid rising tensions between China and Australia as Mr Morrison calls for an international inquiry into the coronavirus outbreak – which is believed to have started in a wet market in the city of Wuhan.

Four years ago, cyber-security firm ThreatConnect, based in the US state of Virginia, attributed Naikon’s activity ‘to a specific unit of the Chinese People’s Liberation Army [PLA]’.

‘Our assessment is based on technical analysis of Naikon threat activity and native language research on a PLA officer within Unit 78020,’ the report read.

‘China is aggressively claiming territory deeper into the South China Sea, threatening economic and political stability in the Southeast Asia and beyond.’

‘The territorial activity is accompanied by high-tempo cyber espionage and malware attacks, malicious attachments and spear phishing, directed at Southeast Asian military, diplomatic, and economic targets.’

HOW DO HACKERS USE ‘SPEAR-PHISHING’ TO STEAL USERS’ PRIVATE INFORMATION?

Spear-phishing is based on the concept of ‘phishing’, where hackers attempt to re-create an official-looking email, social media account or website to convince people to share their login details.

Spear-phishing is a much more targeted version that uses the same technique but with a lot more personal information.

In a spear-phishing attack the hacker would scour the social media accounts, public directories, organisation websites and anywhere that contains personal information on their target.

They then craft an email designed to look like it is coming from a professional organisation the target has a link to.

When the target clicks a link in the email, it takes them to a website that looks the same as the organisation’s site, but when they enter their username and password the details are sent to the hacker rather than logging them in.

SOURCE: Microsoft 
