Naikon, a threat group now being associated with the Chinese government ("appears to be Chinese speaking," in Kaspersky's cautious formulation), has resurfaced to affect targets in the Asia-Pacific region. The group had been detected in 2015 by ThreatConnect and DGI, who attributed it specifically to the People’s Liberation Army Chengdu Military Region's Second Technical Reconnaissance Bureau Military Unit Cover Designator 78020. The Kunming-based unit has responsibility for developing intelligence about Southeast Asia, with special emphasis on nations that claim territorial waters in the South China Sea.
Naikon had gone largely undetected since its initial discovery, but Check Point researchers now report having observed it in a major campaign, distributing a novel and hitherto unknown payload, "Aria-body," which combines remote code execution, data destruction, and data exfiltration capabilities.
Much of the initial attention Naikon drew during its present campaign came through the discovery of a phishing attempt against accounts belonging to the West Australian government. News7 reports that the state's premier says he was "blindsided" when shown a news report of the hack, but adds that it's now under investigation.
The University of Toronto's Citizen Lab is warning of another ongoing Chinese campaign, this one involving Tencent's use of its popular WeChat app to monitor social media content exchanged within the Chinese diaspora. Content moderation, essentially suppression of politically sensitive topics, has long been practiced on WeChat. What's new is the extension of surveillance to users outside of China proper. Citizen Lab thinks the effort is designed to train censorship algorithms.