Description
[Naikon](https://attack.mitre.org/groups/G0019) is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, [Naikon](https://attack.mitre.org/groups/G0019) has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015) While [Naikon](https://attack.mitre.org/groups/G0019) shares some characteristics with [APT30](https://attack.mitre.org/groups/G0013), the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)
Techniques Used (TTPs)
- T1078.002 — Domain Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
- T1018 — Remote System Discovery (discovery)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
- T1518.001 — Security Software Discovery (discovery)
- T1046 — Network Service Discovery (discovery)
- T1047 — Windows Management Instrumentation (execution)
- T1137.006 — Add-ins (persistence)
- T1016 — System Network Configuration Discovery (discovery)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1036.004 — Masquerade Task or Service (defense-evasion)
- T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
- T1204.002 — Malicious File (execution)
- T1574.001 — DLL (persistence, privilege-escalation, defense-evasion)
Total TTPs: 14