Naikon
-
First known sample
2009 -
Discovery
2011 -
Number of targets
100-1000 -
Current status
Active -
Type
Backdoor , Remote administration tool , Trojan -
Targeted platforms
Windows -
TOP targeted countries
CIS , Canada , Indonesia , Lao People's Democratic Republic , Malaysia , Myanmar , Nepal , Philippines , Singapore , Thailand , Vietnam
-
The way of propagation
Exploits , Social engineering -
Purpose/Functions
Cyberespionage , Remote control , Surveillance -
Special features
Each target country has a designated human operator, whose job it is to take advantage of cultural aspects of the country, such as a tendency to use personal email accounts for work
-
Targets
Government entities , Military , Private companies -
Artefacts/Attribution
Naikon attackers appear to be Chinese-speaking (several indicators, such as Remote administration tool's admin and Honker Union code)
-
Description
A highly active threat actor engaged in gathering geo-political intelligence in Asia and primarily targeting government, civil, and military organizations from countries in the South China Sea. The attackers use a decoy Word document to download spyware—including their custom backdoor—on the victims’ computer without the victim becoming aware.