Security researchers link a Chinese military officer to one of the group's servers, going way back to 2010

Sep 24, 2015 22:02 GMT

Two security companies have found a tie between the Naikon hacking group and an officer in the Chinese People’s Liberation Army (PLA).

The research was carried out by ThreatConnect and Defense Group, and targeted Naikon, an advanced persistent threat (APT) group first observed in 2010. The group operates mainly in the South East Asia region, gathering information from international companies and the governments of countries like Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, and Vietnam.

According to the report, a man named Ge Xing, an officer in the Chinese People’s Liberation Army’s Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020), is believed to be controlling the greensky27.vicp.net domain, which has been encountered many times in Naikon attacks, going back to its beginnings in 2010.

As security researchers point out, the IP address associated with that domain leads back to the Chinese town of Kunming.

Evidence links a Chinese military officer to the activities of the Naikon group

Searching the Web for the Greensky27 moniker, researchers, to their surprise, found it being used on a slew of social media accounts and forums, all leading back to the same man, named Ge Xing.

Analyzing data shared on those accounts, researchers were able to determine that Ge Xing was not only a PLA officer but also stationed at the 78020 military unit, in the city of Kunming.

Studying his activity on the social media sites, researchers were also able to determine that whenever Ge Xing left town or had an important event in his family (the birth of his son), the greensky27.vicp.net domain would go dormant during the same periods.

Additional evidence was uncovered on QQ Weibo, a Chinese social networking site, where Ge Xing regularly posted photos from inside the Kunming military compound.

All of this led researchers to believe that Ge Xing is one of the people behind Naikon, but more importantly, that the Chinese government is backing the group's activities.

More details can be found in the 86-page research paper.

The link between Ge Xing and Naikon