Threat Actor Profile
Description
Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015) While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)
Confidence Score
Known Aliases
Tags
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
MITRE ATT&CK Techniques (14)
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'aliases': ['Naikon'],
'created': '2017-05-31T21:31:54.232Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': '[Naikon](https://attack.mitre.org/groups/G0019) is assessed '
'to be a state-sponsored cyber espionage group attributed to '
'the Chinese People’s Liberation Army’s (PLA) Chengdu Military '
'Region Second Technical Reconnaissance Bureau (Military Unit '
'Cover Designator 78020).(Citation: CameraShy) Active since at '
'least 2010, [Naikon](https://attack.mitre.org/groups/G0019) '
'has primarily conducted operations against government, '
'military, and civil organizations in Southeast Asia, as well '
'as against international bodies such as the United Nations '
'Development Programme (UNDP) and the Association of Southeast '
'Asian Nations (ASEAN).(Citation: CameraShy)(Citation: '
'Baumgartner Naikon 2015) \n'
'\n'
'While [Naikon](https://attack.mitre.org/groups/G0019) shares '
'some characteristics with '
'[APT30](https://attack.mitre.org/groups/G0013), the two '
'groups do not appear to be exact matches.(Citation: '
'Baumgartner Golovkin Naikon 2015)',
'external_references': [{'external_id': 'G0019',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G0019'},
{'description': '(Citation: Baumgartner Naikon '
'2015)(Citation: CameraShy)(Citation: '
'Baumgartner Golovkin Naikon 2015)',
'source_name': 'Naikon'},
{'description': 'ThreatConnect Inc. and Defense Group '
'Inc. (DGI). (2015, September 23). '
'Project CameraShy: Closing the '
"Aperture on China's Unit 78020. "
'Retrieved December 17, 2015.',
'source_name': 'CameraShy',
'url': 'http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf'},
{'description': 'Baumgartner, K., Golovkin, M.. '
'(2015, May). The MsnMM Campaigns: '
'The Earliest Naikon APT Campaigns. '
'Retrieved April 10, 2019.',
'source_name': 'Baumgartner Naikon 2015',
'url': 'https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf'},
{'description': 'Baumgartner, K., Golovkin, M.. '
'(2015, May 14). The Naikon APT. '
'Retrieved January 14, 2015.',
'source_name': 'Baumgartner Golovkin Naikon 2015',
'url': 'https://securelist.com/the-naikon-apt/69953/'}],
'id': 'intrusion-set--2a158b0a-7ef8-43cb-9985-bf34d1e12050',
'modified': '2025-04-25T14:49:21.044Z',
'name': 'Naikon',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'spec_version': '2.1',
'type': 'intrusion-set',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['Kyaw Pyiyt Htet, @KyawPyiytHtet'],
'x_mitre_deprecated': False,
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_version': '2.0'}