Chinese State-Sponsored APT Naikon Resurfaces with New Tactics, Techniques, and Procedures (TTPs).

Naikon, a Chinese-state-sponsored Advanced Persistent Threat (APT) undergoes scrutiny once again following the discovery of a new set of TTPs (Tactics, Techniques, and Procedures). Although the group’s motivation remains unknown, the recovered data and (attack) artifacts tend to suggest that Naikon may be stagging a surveillance operation against Southeast Asian military and governmental HVTs (High-Value Targets). Cluster25, one of the cybersecurity agencies that have analyzed and kept tabs on Naikon’s activity, stated that the group now employs advanced and open-source pen-testing tools in order to extract confidential information.

A Brief History of Naikon APT Activity

Naikon aka Lotus Panda and/or Override Panda was first detected in the wild in early 2010, being loosely associated with a series of lightning-fast spearphishing attacks launched against governmental, military, and civilian organizations from the ASEAN region.

Tracking and fingerprinting efforts proved futile since the organization employed advanced obfuscation techniques in order to throw the authorities off the tracks. It’s estimated that from 2010 to 2014/2015, Naikon APT managed to spearphish and compromise multiple state-held agencies from Indonesia, Philippines, Singapore, Malaysia, Vietnam, Cambodia, Laos, Thailand, Myanmar, Nepal, and even from the heart of China before going below the radar.

There followed a 4-year hiatus during

Read More: https://heimdalsecurity.com/blog/apt-naikon/