Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Aria-body Backdoor

The Naikon threat actor targeted the government sector in the Asia Pacific region with the Aria-body backdoor. The APT used several infection chains during the operation, which included weaponized RTF files, legitimate executables, malicious DLLs, and executable files as loaders. The group hosted its infrastructure on Alibaba, used GoDaddy as the registrar, and reused IP addresses across multiple domains. For persistence and defense evasion, the operation used the Startup folder or the Run registry key, process injection, and encryption.

Name | Modified Date | Sources
Operation Aria-body Backdoor | 2020-05-21 |