Naikon
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1547.001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Naikon has modified a victim's Windows Run registry to establish persistence.(Citation: Bitdefender Naikon April 2021) |
Enterprise | T1574.002 | Hijack Execution Flow: DLL Side-Loading | Naikon has used DLL side-loading to load malicious DLLs into legitimate executables.(Citation: CheckPoint Naikon May 2020) |
Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | Naikon renamed a malicious service |
Enterprise | T1036.005 | Masquerading: Match Legitimate Name or Location | Naikon has disguised malicious programs as Google Chrome, Adobe, and VMware executables.(Citation: Bitdefender Naikon April 2021) |
Enterprise | T1137.006 | Office Application Startup: Add-ins | Naikon has used the RoyalRoad exploit builder to drop a second stage loader, intel.wll, into the Word Startup folder on the compromised host.(Citation: CheckPoint Naikon May 2020) |
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Naikon has used malicious e-mail attachments to deliver malware.(Citation: CheckPoint Naikon May 2020) |
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | Naikon has used schtasks.exe for lateral movement in compromised networks.(Citation: Bitdefender Naikon April 2021) |
Enterprise | T1518.001 | Software Discovery: Security Software Discovery | Naikon uses commands such as |
Enterprise | T1204.002 | User Execution: Malicious File | Naikon has convinced victims to open malicious attachments to execute malware.(Citation: CheckPoint Naikon May 2020) |
Enterprise | T1078.002 | Valid Accounts: Domain Accounts | Naikon has used administrator credentials for lateral movement in compromised networks.(Citation: Bitdefender Naikon April 2021) |

References
- Vrabie, V. (2021, April 23). NAIKON – Traces from a Military Cyber-Espionage Operation. Retrieved June 29, 2021.
- Baumgartner, K., Golovkin, M. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.
- CheckPoint. (2020, May 7). Naikon APT: Cyber Espionage Reloaded. Retrieved May 26, 2020.
- ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China's Unit 78020. Retrieved December 17, 2015.
- Baumgartner, K., Golovkin, M. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.