Naikon
Aliases: None listed
Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020). Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN). While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.
Open interactive actor investigation
ATT&CK techniques
T1078.002
Domain AccountsT1018
Remote System DiscoveryT1547.001
Registry Run Keys / Startup FolderT1518.001
Security Software DiscoveryT1046
Network Service DiscoveryT1047
Windows Management InstrumentationT1137.006
Add-insT1016
System Network Configuration DiscoveryT1036.005
Match Legitimate Name or LocationT1566.001
Spearphishing AttachmentT1036.004
Masquerade Task or ServiceT1053.005
Scheduled TaskT1204.002
Malicious FileT1574.002
DLL Side-Loading
Domain AccountsT1018
Remote System DiscoveryT1547.001
Registry Run Keys / Startup FolderT1518.001
Security Software DiscoveryT1046
Network Service DiscoveryT1047
Windows Management InstrumentationT1137.006
Add-insT1016
System Network Configuration DiscoveryT1036.005
Match Legitimate Name or LocationT1566.001
Spearphishing AttachmentT1036.004
Masquerade Task or ServiceT1053.005
Scheduled TaskT1204.002
Malicious FileT1574.002
DLL Side-Loading