Naikon is a threat group that has focused on targets around the South China Sea. (Citation: Baumgartner Naikon 2015) The group has been attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020). (Citation: CameraShy) While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. (Citation: Baumgartner Golovkin Naikon 2015)
| Platform | Tactic | Technique | Description | Data Sources |
|---|---|---|---|---|
| Linux, macOS, Windows | discovery | System Network Configuration Discovery | Naikon uses commands such as netsh interface show to discover network interface settings. |
Process monitoring, Process command-line parameters |
| macOS, Windows | discovery | Security Software Discovery | Naikon uses commands such as netsh advfirewall firewall to discover local firewall settings. |
File monitoring, Process monitoring, Process command-line parameters |