Naikon (Camerashy) – Threat Actor

January 25, 2025
in Threat Actors

Naikon

Other Names

BRONZE GENEVA
BRONZE STERLING
Camerashy
G0013
G0019
OVERRIDE PANDA
PLA Unit 78020

Location

China

Date of initial activity

2010

Suspected Attribution

Cybercriminals

Motivation

Cyberwarfare
Data Theft

Associated Tools

Naikon Implant

PlugX

Poison Ivy

Sogu (Sogu RAT)

Royal Road

Software

Windows
Servers
Networks

Overview

Naikon is a formidable and persistent threat actor with a notable focus on high-profile government and military targets. Operating primarily in the Asia-Pacific region, Naikon has been active since at least 2010, leveraging sophisticated cyber espionage techniques to infiltrate and gather intelligence from key institutions. This Chinese-speaking threat group has established a reputation for its meticulous and strategic targeting of top-level government agencies and civil and military organizations, particularly those situated around the South China Sea. Naikon’s activities have affected a broad range of countries, including the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos, and China. Despite the group’s primary focus on high-value targets, there is a potential risk to ordinary consumers, particularly if they are connected to individuals of interest or if their systems are exposed to similar malware.

Common Targets

  • Public Administration
  • Philippines
  • Malaysia
  • Cambodia
  • Indonesia
  • Vietnam
  • Myanmar
  • Singapore
  • Nepal
  • Thailand
  • Laos
  • China

Attack vectors

  • Phishing
  • Software Vulnerabilities

Associated Tools

  • Naikon Implant: A bespoke piece of malware tailored for espionage operations, often used for maintaining access and exfiltrating data.
  • PlugX: A versatile remote access tool that allows the threat actor to control infected systems and exfiltrate data.
  • Poison Ivy: Another remote access Trojan (RAT) used for remote control of compromised systems and data extraction.
  • Sogu (Sogu RAT): A remote access tool used by Naikon for spying and maintaining persistent access to compromised systems.
  • Royal Road: A framework used for exploiting vulnerabilities and delivering malware.

How they work

Naikon’s attack strategies revolve predominantly around spear-phishing, a technique that capitalizes on human factors to gain initial access to target systems. The group’s approach often involves crafting highly targeted emails that appear to be from legitimate sources but contain malicious attachments. These attachments, often disguised as benign documents, are embedded with executable payloads designed to exploit vulnerabilities and install malware on the victim’s system. This method of initial compromise is both effective and insidious, as it leverages social engineering to bypass traditional security measures.

Once access is established, Naikon employs a range of tools and techniques to maintain control and extract valuable information. Key among these tools are remote access Trojans (RATs) such as PlugX and Poison Ivy. These RATs enable the group to remotely control infected systems, conduct surveillance, and gather intelligence. Communication between the compromised systems and Naikon’s command and control servers often utilizes standard protocols like HTTP and HTTPS, as well as custom methods to evade detection and maintain a persistent presence within the network.

The group’s exfiltration tactics are equally sophisticated. Data exfiltration often occurs over the same command and control channels used for communication, minimizing the risk of detection. Additionally, Naikon may stage collected data on compromised systems before sending it to their servers, further obscuring their activities and making it more challenging for defenders to identify and mitigate the breach. To ensure continued access, Naikon employs techniques such as creating scheduled tasks, which allow the group to execute malicious payloads at specified intervals and maintain a foothold within the target environment.

In summary, Naikon’s operations are a prime example of the intricate and multi-faceted nature of modern APT attacks. By leveraging spear-phishing for initial access, employing sophisticated RATs for control, and using advanced exfiltration methods, Naikon underscores the need for robust cybersecurity practices. Organizations at risk of Naikon’s targeting should adopt stringent security measures, including advanced anti-malware solutions, cautious handling of email attachments, and regular system updates, to protect against these sophisticated threats.

MITRE Tactics and Techniques

  • Phishing (T1566): Naikon commonly uses spear-phishing emails with malicious attachments or links to gain initial access to targeted systems.
  • Spearphishing Attachment (T1566.001): They often use weaponized attachments, such as documents with embedded malware, to exploit vulnerabilities and gain access.
  • Command and Control (C2) (T1071): Naikon uses various protocols and methods to communicate with compromised systems, including HTTP, HTTPS, and custom protocols.
  • Remote Access Tools (RATs) (T1219): Tools like PlugX and Poison Ivy allow Naikon to remotely control and monitor infected systems.
  • Exfiltration Over Command and Control Channel (T1041): Data is often exfiltrated from compromised systems through the same channels used for command and control.
  • Data Staged (T1074): Naikon may stage collected data on compromised systems before exfiltration.
  • Scheduled Task/Job (T1053): The threat actor might create scheduled tasks to maintain persistence or execute malicious payloads at specific times.