SYMBOLCOMMON_NAMEaka. SYNONYMS

APT30  (Back to overview)

aka: G0013

APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches


Associated Families

There are currently no families associated with this actor.


References
2022-08-04MandiantMandiant
@online{mandiant:20220804:advanced:afb8956, author = {Mandiant}, title = {{Advanced Persistent Threats (APTs)}}, date = {2022-08-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/insights/apt-groups}, language = {English}, urldate = {2022-08-30} } Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2022-05-04CywareCyware
@online{cyware:20220504:chinese:58cae39, author = {Cyware}, title = {{Chinese Naikon Group Back with New Espionage Attack}}, date = {2022-05-04}, organization = {Cyware}, url = {https://cyware.com/news/chinese-naikon-group-back-with-new-espionage-attack-66a8413d}, language = {English}, urldate = {2022-08-22} } Chinese Naikon Group Back with New Espionage Attack
APT30 Naikon
2022-04-29Cluster25Cluster25
@online{cluster25:20220429:lotus:c5520e5, author = {Cluster25}, title = {{The LOTUS PANDA Is Awake, Again. Analysis Of Its Last Strike.}}, date = {2022-04-29}, organization = {Cluster25}, url = {https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/}, language = {English}, urldate = {2022-04-29} } The LOTUS PANDA Is Awake, Again. Analysis Of Its Last Strike.
APT30 Naikon
2020-06-19Positive TechnologiesAlexey Vishnyakov
@online{vishnyakov:20200619:eagle:01efbbd, author = {Alexey Vishnyakov}, title = {{The eagle eye is back: old and new backdoors from APT30}}, date = {2020-06-19}, organization = {Positive Technologies}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/}, language = {English}, urldate = {2020-06-20} } The eagle eye is back: old and new backdoors from APT30
backspace NETEAGLE RCtrl RHttpCtrl APT30
2020SecureworksSecureWorks
@online{secureworks:2020:bronze:f4862d1, author = {SecureWorks}, title = {{BRONZE GENEVA}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-geneva}, language = {English}, urldate = {2020-05-23} } BRONZE GENEVA
backspace APT30 Naikon
2019-11-19FireEyeNalani Fraser, Kelli Vanderlee
@techreport{fraser:20191119:achievement:30aad54, author = {Nalani Fraser and Kelli Vanderlee}, title = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}}, date = {2019-11-19}, institution = {FireEye}, url = {https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf}, language = {English}, urldate = {2022-09-12} } Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
APT1 APT10 APT2 APT26 APT3 APT30 APT41 Naikon Tonto Team
2019-03-22MITREMITRE
@online{mitre:20190322:apt30:83830f2, author = {MITRE}, title = {{APT30}}, date = {2019-03-22}, organization = {MITRE}, url = {https://attack.mitre.org/wiki/Group/G0013}, language = {English}, urldate = {2020-01-09} } APT30
APT30
2019MITREMITRE ATT&CK
@online{attck:2019:naikon:f6661ca, author = {MITRE ATT&CK}, title = {{Group description: Naikon}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0019/}, language = {English}, urldate = {2019-12-20} } Group description: Naikon
APT30 Naikon
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:30:a7aecdd, author = {Cyber Operations Tracker}, title = {{APT 30}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/apt-30}, language = {English}, urldate = {2019-12-20} } APT 30
APT30
2017-08-24Kaspersky LabsKaspersky
@online{kaspersky:20170824:naikon:9ad7610, author = {Kaspersky}, title = {{Naikon Targeted Attacks}}, date = {2017-08-24}, organization = {Kaspersky Labs}, url = {https://usa.kaspersky.com/resource-center/threats/naikon-targeted-attacks}, language = {English}, urldate = {2022-08-22} } Naikon Targeted Attacks
APT30 Naikon
2015-05-29Kaspersky LabsKurt Baumgartner, Maxim Golovkin
@techreport{baumgartner:20150529:msnmm:3d6b500, author = {Kurt Baumgartner and Maxim Golovkin}, title = {{THE MsnMM CAMPAIGNS: The Earliest Naikon APT Campaigns}}, date = {2015-05-29}, institution = {Kaspersky Labs}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf}, language = {English}, urldate = {2020-01-09} } THE MsnMM CAMPAIGNS: The Earliest Naikon APT Campaigns
APT30 Naikon
2015-05-14Kaspersky LabsKurt Baumgartner, Maxim Golovkin
@online{baumgartner:20150514:naikon:9edea2f, author = {Kurt Baumgartner and Maxim Golovkin}, title = {{The Naikon APT}}, date = {2015-05-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/analysis/publications/69953/the-naikon-apt/}, language = {English}, urldate = {2019-12-20} } The Naikon APT
Naikon SslMM Sys10 WinMM xsPlus APT30 Naikon
2015-04-15FireEyeFireEye
@techreport{fireeye:20150415:apt30:d09a09c, author = {FireEye}, title = {{APT30 and the Mechanics of a Long-Running Cyber Espionage Campaign}}, date = {2015-04-15}, institution = {FireEye}, url = {https://www.mandiant.com/sites/default/files/2021-09/rpt-apt30.pdf}, language = {English}, urldate = {2022-08-25} } APT30 and the Mechanics of a Long-Running Cyber Espionage Campaign
backspace FLASHFLOOD NETEAGLE SHIPSHAPE SPACESHIP APT30
2015-04FireEyeFireEye
@techreport{fireeye:201504:apt30:0129bf7, author = {FireEye}, title = {{APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION}}, date = {2015-04}, institution = {FireEye}, url = {https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf}, language = {English}, urldate = {2020-01-07} } APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION
BACKBEND backspace CREAMSICLE FLASHFLOOD GEMCUTTER MILKMAID Naikon NETEAGLE ORANGEADE SHIPSHAPE SPACESHIP SslMM Sys10 WinMM xsPlus APT30
2015ThreatConnectThreatConnect
@online{threatconnect:2015:naikon:59ceced, author = {ThreatConnect}, title = {{Naikon Tag in ThreatConnect Blogs}}, date = {2015}, organization = {ThreatConnect}, url = {https://threatconnect.com/blog/tag/naikon/}, language = {English}, urldate = {2020-04-06} } Naikon Tag in ThreatConnect Blogs
APT30 Naikon
2014-03-25FireEyeAlex Lanstein, Ned Moran
@online{lanstein:20140325:spear:762baf1, author = {Alex Lanstein and Ned Moran}, title = {{Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370}}, date = {2014-03-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html}, language = {English}, urldate = {2019-12-20} } Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370
APT30 Naikon
2013-02-27Trend MicroAbraham Camba
@online{camba:20130227:bkdrrarstone:8c1d7b2, author = {Abraham Camba}, title = {{BKDR_RARSTONE: New RAT to Watch Out For}}, date = {2013-02-27}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/}, language = {English}, urldate = {2020-01-08} } BKDR_RARSTONE: New RAT to Watch Out For
APT30

Credits: MISP Project