Naikon

Threat Actor updated a month ago (2024-11-29T14:00:29.660Z)
Naikon is a threat actor group associated with various Advanced Persistent Threat (APT) groups originating from China, such as Growing Taurus and Parched Taurus, also known as Goblin Panda. Naikon has been linked to PLA Unit 78020/APT 30 and is synonymous with other groups like Mustang Panda and Nomad Panda. These groups have historically targeted countries in the Asia-Pacific region, carrying out widespread cyber attacks.

The group has been particularly active in recent espionage campaigns, employing a backdoor known as Rainyday, which is linked to the Firefly group, another alias for Naikon. In addition, Naikon APT has been observed using DLL side-loading in attacks against military organizations in Southeast Asia, specifically with respect to SbieDll_Hook and SandboxieBITS.exe. The group installs a variety of software, including Cobalt Strike, Quasar RAT, HDoor, Gh0stCringe, and Winnti, all of which grant remote control of infected machines.

In a notable incident, Naikon spear-phished an actor now referred to as "Hellsing". This led to a series of retaliatory actions between Naikon and Hellsing, as documented in "The Chronicles of the Hellsing APT: The Empire Strikes Back". Furthermore, Naikon's "operator X" has conducted espionage campaigns affecting numerous organizations in country X. Naikon continues to pose a significant threat to cybersecurity, especially in the Asia-Pacific region.
Description last updated: 2024-06-28T21:16:14.536Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description
Goblin Panda is a possible alias for Naikon. Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this t
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Espionage
Backdoor