Naikon

Threat Actor Profile Updated 13 days ago
Naikon is a recognized threat actor, essentially a group or entity responsible for executing actions with malicious intent. Various research organizations have reported that this Chinese Advanced Persistent Threat (APT) group has been used by multiple other groups such as Growing Taurus and Parched Taurus, also known as Goblin Panda.

Naikon APT's activities primarily involve cyber espionage, with a notable incident involving the use of DLL side-loading in relation to SbieDll_Hook and SandboxieBITS.exe. This technique was observed in attacks targeting military organizations in Southeast Asia. The group uses a range of software tools to accomplish its objectives. These include Cobalt Strike, Quasar RAT, HDoor (a backdoor previously used by Chinese groups), a Gh0st RAT variant known as Gh0stCringe, and Winnti, a multi-functional implant capable of granting remote control to an infected machine.

Naikon has been involved in numerous espionage campaigns affecting various organizations, often spearheaded by an individual known as "operator X." Interestingly, Naikon has clashed with other APT groups active in the region, notably a group referred to as "Hellsing." The Naikon group was once spear-phished by Hellsing, highlighting the competitive dynamics within these malicious entities.

Naikon leverages a range of techniques, including registering similar-looking email addresses to spear-phish targets with attachments, malware-serving site links, and Google Drive links. The group can set up proxy servers in any target country, tunneling traffic from victim systems to related command-and-control servers.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Goblin Panda | 2 | Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this t |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Espionage
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Naikon Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| MITRE | a year ago | The Naikon APT |
| MITRE | a year ago | ICIT Brief – China’s Espionage Dynasty: Economic Death by a Thousand Cuts |
| CERT-EU | 7 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of government bodies in Australia and Southeast Asia |
| CERT-EU | 8 months ago | New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government |
| CERT-EU | 7 months ago | Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries |
| Unit42 | 8 months ago | Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus |