
APT30

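aka: PLA Unit 78020, OVERRIDE PANDA, Camerashy, BRONZE GENEVA, G0019, Naikon, BRONZE STERLING, G0013

Note: this alias list combines names from several vendors' tracking, including two separate MITRE ATT&CK group IDs (G0013, titled "APT30", and G0019, titled "Naikon"; both are cited in the references below). When pivoting on these names, treat them as overlapping activity clusters and check each source's own scoping rather than assuming they are exact equivalents.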

Kaspersky described Naikon in a 2015 report as: 'The Naikon group is mostly active in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, and Nepal, hitting a variety of targets in a very opportunistic way.'


Associated Families
win.nebulae win.ariabody win.naikon win.sslmm win.sys10 win.winmm win.xsplus

References
2022-08-04MandiantMandiant
% Vendor overview page of APT groups; the tag line that follows lists APT30 among many other actors.
@online{mandiant:20220804:advanced:afb8956,
  author       = {Mandiant},
  title        = {{Advanced Persistent Threats (APTs)}},
  date         = {2022-08-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/insights/apt-groups},
  language     = {English},
  urldate      = {2022-08-30},
}
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9
2022-05-04CywareCyware
% News item on Naikon activity; no individual author is recorded, so the organization doubles as author.
@online{cyware:20220504:chinese:58cae39,
  author       = {Cyware},
  title        = {{Chinese Naikon Group Back with New Espionage Attack}},
  date         = {2022-05-04},
  organization = {Cyware},
  url          = {https://cyware.com/news/chinese-naikon-group-back-with-new-espionage-attack-66a8413d},
  language     = {English},
  urldate      = {2022-08-22},
}
Chinese Naikon Group Back with New Espionage Attack
APT30
2022-04-29Cluster25Cluster25
% Cluster25 analysis; the title uses the name LOTUS PANDA, which is not in this page's alias list,
% while the record is tagged APT30 here. Confirm the attribution in the article before relying on the tag.
@online{cluster25:20220429:lotus:c5520e5,
  author       = {Cluster25},
  title        = {{The LOTUS PANDA Is Awake, Again. Analysis Of Its Last Strike.}},
  date         = {2022-04-29},
  organization = {Cluster25},
  url          = {https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/},
  language     = {English},
  urldate      = {2022-04-29},
}
The LOTUS PANDA Is Awake, Again. Analysis Of Its Last Strike.
APT30
2021-09-29Medium BlueMonkeyBlueMonkey
% Blog post hosted on Medium about an Aria-body loader; tagged with the Aria-body family.
@online{bluemonkey:20210929:ariabody:49911f8,
  author       = {BlueMonkey},
  title        = {{Aria-Body Loader? Is that you?}},
  date         = {2021-09-29},
  organization = {Medium BlueMonkey},
  url          = {https://medium.com/insomniacs/aria-body-loader-is-that-you-53bdd630f8a1},
  language     = {English},
  urldate      = {2021-10-20},
}
Aria-Body Loader? Is that you?
Aria-body
2021-08-03CybereasonAssaf Dahan, Lior Rochberger, Daniel Frank, Tom Fakterman
% Cybereason research blog post; four named authors, tagged with several tool and malware families.
@online{dahan:20210803:deadringer:908e8d5,
  author       = {Assaf Dahan and Lior Rochberger and Daniel Frank and Tom Fakterman},
  title        = {{DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos}},
  date         = {2021-08-03},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos},
  language     = {English},
  urldate      = {2021-08-06},
}
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
CHINACHOPPER Cobalt Strike MimiKatz Nebulae
2021-05-06Twitter (@SyscallE)NtUnmapViewOfSection
% Social-media post; the author field holds an account display name, and the title is a
% cataloguer's description rather than a published headline.
@online{ntunmapviewofsection:20210506:short:1045831,
  author       = {NtUnmapViewOfSection},
  title        = {{Tweet on short analysis of Nebulae Backdoor}},
  date         = {2021-05-06},
  organization = {Twitter (@SyscallE)},
  url          = {https://twitter.com/SyscallE/status/1390339497804636166},
  language     = {English},
  urldate      = {2021-05-08},
}
Tweet on short analysis of Nebulae Backdoor
Nebulae
2021-04-29SecurityWeekIonut Arghire
% News article tagged Nebulae, dated one day after the Bitdefender whitepaper
% (vrabie:20210428:new:5e28909); presumably secondary coverage of it - verify before citing as a primary source.
@online{arghire:20210429:chinese:0dcf839,
  author       = {Ionut Arghire},
  title        = {{Chinese Cyberspies Target Military Organizations in Asia With New Malware}},
  date         = {2021-04-29},
  organization = {SecurityWeek},
  url          = {https://www.securityweek.com/chinese-cyberspies-target-military-organizations-asia-new-malware},
  language     = {English},
  urldate      = {2022-02-04},
}
Chinese Cyberspies Target Military Organizations in Asia With New Malware
Nebulae
2021-04-28BleepingComputerSergiu Gatlan
% News article tagged Nebulae, dated the same day as the Bitdefender whitepaper
% (vrabie:20210428:new:5e28909); presumably secondary coverage of it - verify before citing as a primary source.
@online{gatlan:20210428:cyberspies:718be29,
  author       = {Sergiu Gatlan},
  title        = {{Cyberspies target military organizations with new Nebulae backdoor}},
  date         = {2021-04-28},
  organization = {BleepingComputer},
  url          = {https://www.bleepingcomputer.com/news/security/cyberspies-target-military-organizations-with-new-nebulae-backdoor/},
  language     = {English},
  urldate      = {2022-02-04},
}
Cyberspies target military organizations with new Nebulae backdoor
Nebulae
2021-04-28BitdefenderVictor Vrabie, Bogdan Botezatu
% Bitdefender whitepaper (PDF) linking the Nebulae backdoor to the Naikon group.
@techreport{vrabie:20210428:new:5e28909,
  author       = {Victor Vrabie and Bogdan Botezatu},
  title        = {{New Nebulae Backdoor Linked with the NAIKON Group}},
  date         = {2021-04-28},
  institution  = {Bitdefender},
  url          = {https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf},
  language     = {English},
  urldate      = {2021-05-04},
}
New Nebulae Backdoor Linked with the NAIKON Group
Nebulae
2020-09-03Kaspersky LabsDavid Emm
% Quarterly threat round-up; the tag line that follows covers several unrelated families and actors,
% so only part of the article concerns this group.
@online{emm:20200903:it:99f6d5f,
  author       = {David Emm},
  title        = {{IT threat evolution Q2 2020}},
  date         = {2020-09-03},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/it-threat-evolution-q2-2020/98230},
  language     = {English},
  urldate      = {2022-08-28},
}
IT threat evolution Q2 2020
PhantomLance Aria-body COMpfun Vicious Panda
2020-06-19Positive TechnologiesAlexey Vishnyakov
% Positive Technologies threat-intelligence write-up on APT30 backdoors.
@online{vishnyakov:20200619:eagle:01efbbd,
  author       = {Alexey Vishnyakov},
  title        = {{The eagle eye is back: old and new backdoors from APT30}},
  date         = {2020-06-19},
  organization = {Positive Technologies},
  url          = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/},
  language     = {English},
  urldate      = {2020-06-20},
}
The eagle eye is back: old and new backdoors from APT30
backspace NETEAGLE RCtrl RHttpCtrl APT30
2020-05-08Kaspersky LabsGReAT
% Securelist post by Kaspersky's GReAT team; the title contains a non-ASCII apostrophe,
% so the file needs a UTF-8 aware toolchain (the entries already use the biblatex-style date field).
@online{great:20200508:naikons:f1646a6,
  author       = {GReAT},
  title        = {{Naikon’s Aria}},
  date         = {2020-05-08},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/naikons-aria/96899/},
  language     = {English},
  urldate      = {2020-07-06},
}
Naikon’s Aria
Aria-body
2020-05-07CheckpointCheck Point Research
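% Check Point Research report on Naikon. The author is a corporate name: the extra brace pair keeps
% it as one indivisible name, otherwise it is parsed as given names "Check Point" and surname
% "Research" (the citation key shows that split; the key itself is left unchanged).
@online{research:20200507:naikon:7449e41,
  author       = {{Check Point Research}},
  title        = {{Naikon APT: Cyber Espionage Reloaded}},
  date         = {2020-05-07},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/},
  language     = {English},
  urldate      = {2020-05-07},
}
Naikon APT: Cyber Espionage Reloaded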
Aria-body
2020SecureworksSecureWorks
% Secureworks threat profile page for BRONZE GENEVA (one of the aliases listed on this page);
% only the year is recorded as the date.
@online{secureworks:2020:bronze:f4862d1,
  author       = {SecureWorks},
  title        = {{BRONZE GENEVA}},
  date         = {2020},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/threat-profiles/bronze-geneva},
  language     = {English},
  urldate      = {2020-05-23},
}
BRONZE GENEVA
backspace APT30
2019-11-19FireEyeNalani Fraser, Kelli Vanderlee
% Conference presentation slides (PDF) hosted by FireEye; tagged with several actors besides APT30.
@techreport{fraser:20191119:achievement:30aad54,
  author       = {Nalani Fraser and Kelli Vanderlee},
  title        = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}},
  date         = {2019-11-19},
  institution  = {FireEye},
  url          = {https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf},
  language     = {English},
  urldate      = {2020-09-12},
}
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
APT1 APT10 APT2 APT26 APT3 APT30 APT41 Tonto Team
2019-03-22MITREMITRE
% MITRE ATT&CK group page for G0013 (APT30). The URL uses a /wiki/Group/ path, whereas the Naikon
% record (attck:2019:naikon:f6661ca) uses the /groups/<ID>/ form - check that this link still resolves.
@online{mitre:20190322:apt30:83830f2,
  author       = {MITRE},
  title        = {{APT30}},
  date         = {2019-03-22},
  organization = {MITRE},
  url          = {https://attack.mitre.org/wiki/Group/G0013},
  language     = {English},
  urldate      = {2020-01-09},
}
APT30
APT30
2019MITREMITRE ATT&CK
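% MITRE ATT&CK group page for G0019 (Naikon), a separate group ID from G0013 (APT30).
% Two fixes in the author field: the ampersand is escaped, because a bare "&" in a text field is
% passed to LaTeX as an alignment character and breaks typesetting, and the corporate name gets an
% extra brace pair so it is not split into given names and surname. The citation key is unchanged.
@online{attck:2019:naikon:f6661ca,
  author       = {{MITRE ATT\&CK}},
  title        = {{Group description: Naikon}},
  date         = {2019},
  organization = {MITRE},
  url          = {https://attack.mitre.org/groups/G0019/},
  language     = {English},
  urldate      = {2019-12-20},
}
Group description: Naikon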
APT30
2019Council on Foreign RelationsCyber Operations Tracker
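% Council on Foreign Relations tracker page for APT 30. The author is a corporate name: the extra
% brace pair keeps it as one indivisible name, otherwise it is parsed as given names
% "Cyber Operations" and surname "Tracker" (the citation key shows that split; the key is unchanged).
@online{tracker:2019:30:a7aecdd,
  author       = {{Cyber Operations Tracker}},
  title        = {{APT 30}},
  date         = {2019},
  organization = {Council on Foreign Relations},
  url          = {https://www.cfr.org/interactive/cyber-operations/apt-30},
  language     = {English},
  urldate      = {2019-12-20},
}
APT 30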
APT30
2017-08-24Kaspersky LabsKaspersky
% Kaspersky resource-center page on Naikon targeted attacks; no individual author is recorded.
@online{kaspersky:20170824:naikon:9ad7610,
  author       = {Kaspersky},
  title        = {{Naikon Targeted Attacks}},
  date         = {2017-08-24},
  organization = {Kaspersky Labs},
  url          = {https://usa.kaspersky.com/resource-center/threats/naikon-targeted-attacks},
  language     = {English},
  urldate      = {2022-08-22},
}
Naikon Targeted Attacks
APT30
2015-05-29Kaspersky LabsKurt Baumgartner, Maxim Golovkin
% Kaspersky report (PDF). The file name TheNaikonAPT-MsnMM1.pdf also appears in
% baumgartner:201505:msnmm:13a9145 at a different host, so the two records likely describe one report.
@techreport{baumgartner:20150529:msnmm:3d6b500,
  author       = {Kurt Baumgartner and Maxim Golovkin},
  title        = {{THE MsnMM CAMPAIGNS: The Earliest Naikon APT Campaigns}},
  date         = {2015-05-29},
  institution  = {Kaspersky Labs},
  url          = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf},
  language     = {English},
  urldate      = {2020-01-09},
}
THE MsnMM CAMPAIGNS: The Earliest Naikon APT Campaigns
APT30
2015-05-14Kaspersky LabsKurt Baumgartner, Maxim Golovkin
% Securelist publication on the Naikon APT; tagged with the Naikon, SslMM, Sys10, WinMM and xsPlus families.
@online{baumgartner:20150514:naikon:9edea2f,
  author       = {Kurt Baumgartner and Maxim Golovkin},
  title        = {{The Naikon APT}},
  date         = {2015-05-14},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/analysis/publications/69953/the-naikon-apt/},
  language     = {English},
  urldate      = {2019-12-20},
}
The Naikon APT
Naikon SslMM Sys10 WinMM xsPlus APT30
2015-05Kaspersky LabsKurt Baumgartner, Maxim Golovkin
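% Kaspersky report (PDF) retrieved from a third-party mirror (paper.seebug.org). The same file name,
% TheNaikonAPT-MsnMM1.pdf, is cited from a Kaspersky content host in baumgartner:20150529:msnmm:3d6b500,
% so this is likely a duplicate record; prefer the vendor-hosted copy when verifying content.
% Fix: restored the missing space in "APT Campaigns" in the title.
@techreport{baumgartner:201505:msnmm:13a9145,
  author       = {Kurt Baumgartner and Maxim Golovkin},
  title        = {{The MsnMM Campaigns - The Earliest Naikon APT Campaigns}},
  date         = {2015-05},
  institution  = {Kaspersky Labs},
  url          = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/TheNaikonAPT-MsnMM1.pdf},
  language     = {English},
  urldate      = {2019-07-11},
}
The MsnMM Campaigns - The Earliest Naikon APT Campaigns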
SslMM Sys10 WinMM xsPlus
2015-04-15FireEyeFireEye
% FireEye APT30 report (PDF), here linked from mandiant.com. The file name rpt-apt30.pdf also appears
% in fireeye:201504:apt30:0129bf7, and the two titles differ only in the last word (Campaign vs.
% OPERATION) - likely one report recorded twice; confirm the exact title against the PDF.
@techreport{fireeye:20150415:apt30:d09a09c,
  author       = {FireEye},
  title        = {{APT30 and the Mechanics of a Long-Running Cyber Espionage Campaign}},
  date         = {2015-04-15},
  institution  = {FireEye},
  url          = {https://www.mandiant.com/sites/default/files/2021-09/rpt-apt30.pdf},
  language     = {English},
  urldate      = {2022-08-25},
}
APT30 and the Mechanics of a Long-Running Cyber Espionage Campaign
backspace FLASHFLOOD NETEAGLE SHIPSHAPE SPACESHIP APT30
2015-04FireEyeFireEye
% FireEye APT30 report (PDF), here linked from www2.fireeye.com. The file name rpt-apt30.pdf also
% appears in fireeye:20150415:apt30:d09a09c - likely the same report recorded twice. The title is
% stored in all capitals and double-braced, so bibliography styles cannot recase it.
@techreport{fireeye:201504:apt30:0129bf7,
  author       = {FireEye},
  title        = {{APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION}},
  date         = {2015-04},
  institution  = {FireEye},
  url          = {https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf},
  language     = {English},
  urldate      = {2020-01-07},
}
APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION
BACKBEND backspace CREAMSICLE FLASHFLOOD GEMCUTTER MILKMAID Naikon NETEAGLE ORANGEADE SHIPSHAPE SPACESHIP SslMM Sys10 WinMM xsPlus APT30
2015-02-06CrowdStrikeCrowdStrike
% CrowdStrike annual report (PDF). The URL is a web.archive.org snapshot of a file in a third-party
% GitHub repository, not a CrowdStrike-hosted copy - treat provenance accordingly. The tag line that
% follows covers many families; Naikon is one of them.
@techreport{crowdstrike:20150206:crowdstrike:fbcc37f,
  author       = {CrowdStrike},
  title        = {{CrowdStrike Global Threat Intel Report 2014}},
  date         = {2015-02-06},
  institution  = {CrowdStrike},
  url          = {https://web.archive.org/web/20200509171721/https://raw.githubusercontent.com/fdiskyou/threat-INTel/master/2015/GlobalThreatIntelReport.pdf},
  language     = {English},
  urldate      = {2020-05-11},
}
CrowdStrike Global Threat Intel Report 2014
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor
2015ThreatConnectThreatConnect
% Link to a blog tag listing rather than a single article, so the content behind it can change
% over time; the recorded access date is the only fixed point.
@online{threatconnect:2015:naikon:59ceced,
  author       = {ThreatConnect},
  title        = {{Naikon Tag in ThreatConnect Blogs}},
  date         = {2015},
  organization = {ThreatConnect},
  url          = {https://threatconnect.com/blog/tag/naikon/},
  language     = {English},
  urldate      = {2020-04-06},
}
Naikon Tag in ThreatConnect Blogs
APT30
2014-03-25FireEyeAlex Lanstein, Ned Moran
% FireEye threat-research blog post on spear phishing themed around the MH 370 disappearance.
@online{lanstein:20140325:spear:762baf1,
  author       = {Alex Lanstein and Ned Moran},
  title        = {{Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370}},
  date         = {2014-03-25},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html},
  language     = {English},
  urldate      = {2019-12-20},
}
Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370
APT30
2013-02-27Trend MicroAbraham Camba
% Trend Micro blog post on the BKDR_RARSTONE remote access tool; the oldest reference in this list.
@online{camba:20130227:bkdrrarstone:8c1d7b2,
  author       = {Abraham Camba},
  title        = {{BKDR_RARSTONE: New RAT to Watch Out For}},
  date         = {2013-02-27},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/},
  language     = {English},
  urldate      = {2020-01-08},
}
BKDR_RARSTONE: New RAT to Watch Out For
APT30

Credits: MISP Project