Naikon

  • First known sample

    2009
  • Discovery

    2011
  • Number of targets

    100-1000
  • Current status

    Active
  • Type

    Backdoor, Remote administration tool, Trojan
  • Targeted platforms

    Windows
  • TOP targeted countries

    CIS, Canada, Indonesia, Lao People's Democratic Republic, Malaysia, Myanmar, Nepal, Philippines, Singapore, Thailand, Vietnam
  • The way of propagation

    Exploits, Social engineering
  • Purpose/Functions

    Cyberespionage, Remote control, Surveillance
  • Special features
    Each target country has a designated human operator, whose job it is to take advantage of cultural aspects of the country, such as a tendency to use personal email accounts for work
  • Targets

    Government entities, Military, Private companies
  • Artefacts/Attribution
    Naikon attackers appear to be Chinese-speaking (several indicators point to this, such as the remote administration tool's admin and Honker Union code)
  • Description

    A highly active threat actor engaged in gathering geo-political intelligence in Asia, primarily targeting government, civil, and military organizations from countries around the South China Sea. The attackers use a decoy Word document to download spyware, including their custom backdoor, onto the victim's computer without the victim becoming aware.
