Group linked to Chinese military allegedly used cyberattack tool on Australia, other Asia-Pacific countries

A cyberattack tool used by hackers linked to the Chinese military was reportedly sent to an Australian Premier's office hidden in a Word document, and it's also allegedly been used against other Asia-Pacific governments.

According to The New York Times, a document attached to an email sent to the office of Western Australia premier Mark McGowan from the Indonesian Embassy in Australia on January 3 contained a tool called Aria-body. 

This can allow hackers to remotely take control of a device, search through files and create new ones. 

Check Point Research analyses data about cyber attacks and says in a new report it has "discovered new evidence of an ongoing cyber-espionage operation against several national government entities in the Asia Pacific (APAC) region". It attributes this operation to Naikon APT, which in 2015 was found by another cyber intelligence company to be associated with the People's Liberation Army in China.

After the groups' activities were revealed, Check Point Research says Naikon APT went quiet, until this latest operation. The researchers say Aria-body was used against "several national governments, including Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar, and Brunei".

Activities like that against McGowan are mentioned in the report.

"Interestingly, the group has been observed expanding its footholds on the various governments within APAC by launching attacks from one government entity that has already been breached, to try and infect another," the report says.

"In one case, a foreign embassy unknowingly sent malware-infected documents to the government of its host country, showing how the hackers are exploiting trusted, known contacts and using those them to infiltrate new organisations and extend their espionage network."

Check Point Research says it is "evident that the group's purpose is to gather intelligence and spy on the countries whose governments it has targeted". 

"In this campaign, we uncovered the latest iteration of what seems to be a long-running Chinese-based operation against various government entities in APAC," the report's conclusion says.

The New York Times said the Australian government didn't respond to questions about the report and that Beijing has also consistently said it is opposed to cyber-attacks and doesn't engage in them.

"This may be different in design, but these attacks all have the same purpose," Matthew Brazil, an author on Chinese espionage, told The Times.

The hacking tool was reportedly discovered in the Western Australia case when the hacker accidentally sent the email to a wrong address at the Premier's office. The server sent a message back saying the email address had not been found, but also triggered an investigation into what was attached to the email, leading to the tool being found.