Introduction
APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. (FireEye APT30 [2]; Baumgartner Golovkin Naikon 2015 [3])
Activities and Tactics
Targeted Sectors: Government, Military, Government, Administration
Country of Origin: 🇨🇳 China
Risk Level: High
Incident Type: Espionage
Suspected Victims: United States, South Korea, Saudi Arabia, Thailand, Vietnam, Malaysia, India, Japan, Philippines, Hong Kong…
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
MITRE ATT&CK Software
- SHIPSHAPE (S0028) – malware
- BACKSPACE (S0031) – malware
- FLASHFLOOD (S0036) – malware
- NETEAGLE (S0034) – malware
- SPACESHIP (S0035) – malware
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK entry
[2] FireEye APT30
[3] Baumgartner Golovkin Naikon 2015