Kaspersky: Cyber attack launched after MH370 went missing

SINGAPORE: Within four days after the disappearance of Malaysia Airlines Flight MH370, a group of cybercriminals known as Naikon had apparently launched an “attack” on Malaysian authorities.

The group had attempted to infect the computers of government organisations, the navy, police and civil aviation departments in Malaysia and also other countries involved in the search for the plane, said computer security company Kaspersky Lab.

The motive was to steal information related to the investigation and search efforts, said its Global Research and Analysis Team (GReAT) director Costin Raiu.

“There is a cybercriminal group extremely active in the Asia-Pacific region. We are calling them Naikon. Following the disappearance of MH370, we noticed a spike in the attacks by Naikon.

“Their purpose was to get intelligence from the countries which were involved in the search,” he said during the Kaspersky Cybersecurity Summit here recently.

However, it is not known how successful they had been.

The name Naikon was derived from the string “NOKIAN95/WEB” which was found in the code of the malware.

The group, he said, began sending hundreds of thousands of phishing e-mails, which usually claimed to contain “updates” or were seeking information about MH370, with a Microsoft Word document attached.

A phishing e-mail is sent out by cybercriminals to steal information from individuals or groups.

Raiu showed an example of one of the Naikon e-mails sent to Malaysian authorities, with an attachment titled senarai delegasi (list of delegates).

“They successfully targeted very high-profile institutions in several countries,” he said.

Later, he told The Star that the cybercriminals were trying to get information about the plane, including the passengers and cargo manifest.

“It was an intelligence-gathering operation,” he said.

He said the Asia Pacific was a “hotspot” for cyber attacks due to its economic situation.

“Every country is fighting for a better economic condition, for example, to secure foreign investment.

“If there is a tender, your offer has to be better. So you need to spy on them (other countries) to see what they offer, so you can offer something better. It is usually for this reason that the cyber attacks are done,” he said.