China’s Military Is Tied to Debilitating New Cyberattack Tool

Xi Jinping, China’s leader, seen on a screen at the World Internet Conference in Wuzhen, China, in October.Credit...Aly Song/Reuters
Social Share

An Israeli security company said the hacking software, called Aria-body, had been deployed against governments and state-owned companies in Australia and Southeast Asia.

On the morning of Jan. 3, an email was sent from the Indonesian Embassy in Australia to a member of the premier of Western Australia’s staff who worked on health and ecological issues. Attached was a Word document that aroused no immediate suspicions, since the intended recipient knew the supposed sender.

The attachment contained an invisible cyberattack tool called Aria-body, which had never been detected before and had alarming new capabilities. Hackers who used it to remotely take over a computer could copy, delete or create files and carry out extensive searches of the device’s data, and the tool had new ways of covering its tracks to avoid detection.

Now a cybersecurity company in Israel has identified Aria-body as a weapon wielded by a group of hackers, called Naikon, that has previously been traced to the Chinese military. And it was used against far more targets than the office of Mark McGowan, the premier of Western Australia, according to the company, Check Point Software Technologies, which released a report on Thursday about the tool.

In the preceding months, Naikon had also used it to hack government agencies and state-owned technology companies in Indonesia, the Philippines, Vietnam, Myanmar and Brunei, according to Check Point, which said the attacks underscored the breadth and sophistication of China’s use of cyberespionage against its neighbors.