Naikon

🔴 High
Also known as: BRONZE GENEVA, BRONZE STERLING, Camerashy, G0013, G0019, Naikon, OVERRIDE PANDA, PLA Unit 78020

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020). [CameraShy] Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN). [CameraShy] [Baumgartner Naikon 2015]

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. [Baumgartner Golovkin Naikon 2015]

🌍 Country China
📅 Activity 2015 — 2015
⚑ Risk Level High
🎯 Incident Type Espionage
🧭 ATT&CK G0019

Activities and Tactics

Targeted Sectors: Government, Private sector

Country of Origin: 🇨🇳 China

Risk Level: High

First Seen: 2015

Last Activity: 2015

Incident Type: Espionage

Suspected Victims: India, Saudi Arabia, Vietnam, Myanmar, Singapore, Thailand, Malaysia, Cambodia, China, Philippines…

Notable Campaigns

  • MsnMM
  • Naikon
  • Camera Shy

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public report that may contain IOCs; see Source Attribution for dataset links.

Malware and Tools

  • RARSTONE:
  • BACKSPACE:
  • NETEAGLE:
  • XSControl:

MITRE ATT&CK Software

Attribution and Evidence

Country of Origin: China

Additional attribution information pending cataloguing.

References

[1] mitre-attack

[3] CameraShy: ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China’s Unit 78020. Retrieved December 17, 2015.

[4] Baumgartner Naikon 2015: Baumgartner, K., Golovkin, M. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.

[5] Baumgartner Golovkin Naikon 2015: Baumgartner, K., Golovkin, M. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.