Naikon

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.

Naikon is a threat group that has focused on victims around the South China Sea. This threat group has been attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020). While Naikon shares some characteristics with APT30, the two groups appear to be distinct.

Other names for this threat

APT30, APT.Naikon, Camerashy, Hellsing, Lotus Panda, Override Panda, PLA Unit 78020

Description

This detection identifies a request to resolve a domain publicly known to be associated with this specific malicious actor. Please be aware that malicious actors will often use compromised legitimate websites for malicious purposes.

Recommendation

The alert may be related to normal web browsing activity by the end user. Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

Description

This detection identifies the execution of a file with a hash publicly known to be associated with this specific malicious actor. Please be aware that malicious actors will often use common System Administration tools for malicious purposes.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

Description

This detection identifies a request to a domain publicly known to be associated with this specific malicious actor. Please be aware that malicious actors will often compromise legitimate websites to use for malicious purposes.

Recommendation

The alert may be related to normal web browsing activity by the end user. Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.