Track Common Adversary Tasks Performed Using Aria-body
Overview
Aria-body is a backdoor extensively used by Naikon APT, a Chinese-speaking adversary since 2017 and make use of the victim's infrastructure to attack the other targets. They generally targets Government-owned companies as well as the ministries of foreign affairs, science and technology of various countries like Australia, the Philippines, Vietnam, Thailand, Myanmar, Brunei, etc. There attacks have increased since 2019 with the help of the other APTs, and their victims' network serves as the command and control (C2) server.
Techniques & Tactics
Aria-body backdoor follows following pattern:
- Firstly, it pose its email and document as an official government one with the required information for the target (which is generally the data stolen from the other compromised systems).
- Then, it adds a downloader to the document for Aria-body in order to gain access to the target's network.
- After the successful completion of the above steps, it starts to make use of the victim's own servers to continue its attack against the other targets of interest.
Prevention
In order to secure your network from this malware, you have to perform following tasks:
- Don't open any kind of unknown, suspicious, and irrelevant mails as this may compromise your system.
- It is also recommended to use only Microsoft Office versions released after 2010.
- Downloads must only be done from official and verified sources.
- Install a reputable anti-virus/anti-spyware suite, which must be updated timely.
Comments
Post a Comment