ManageEngine x Forrester | Workforce Identity Platforms Landscape Report

Recent AD News

Chinese hacker group ‘Naikon’ strikes again: Targets ASEAN nations

According to researchers, the China-backed APT named Naikon (also known as ‘Override Panda’) has shown up again. The group masterminded a recent phishing campaign that was carried out to steal confidential information assets.

Also known as Hellsing, and Bronze Geneva, Naikon is a known nation-state actor that has been working on behalf of China since 2005. The group was first uncovered by Kaspersky during 2015 in an attack against governmental agencies surrounding the South China Sea.

A report published by Cluster25 has uncovered that the group has specifically targeted the governing bodies of countries belonging to the ASEAN union. The nations attacked are Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam.

“By observing Naikon APT’s hacking arsenal, it was concluded that this group tends to conduct long-term intelligence and espionage operations, typical for a group that aims to conduct attacks on foreign governments and officials.” said the report regarding the group’s modus operandi. “To avoid detection and maximize the result, it changed different TTPs and tools over time.”

For initial access, the group sends a spear phishing email containing a malicious office document (written in Chinese) to the victim’s address. Once opened, the document unleashes an attack that involves launching a shellcode using the HEXINI loader which subsequently injects the final beacon for the Viper red team tool.

Elaborating the Chinese connection, the report said that “during the analysis it was discovered part of Naikon APT arsenal. Starting from what we observed we can assert that this Chinese group is using open-source tools like Viper and ARL (Asset Reconnaissance Lighthouse). Both tools seem to be developed by a Chinese programmer, as most of their documentation is written in Mandarin.”

Related posts
Recent AD News

Bumblebee: A new malware loader on the prowl

Recent AD News

FBI issues alert: A lethal ransomware that breached 60 companies

Recent AD News

Israel's Pegasus spyware finds a new target

Recent AD News

Researchers warn of two info-stealers on the prowl targeting users


There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.