May 10, 2022

NAIKON Threat Group Resurfaces

Industry: Foreign Affairs, Government, Military, Science, Technology | Level: Tactical | Source: Cluster25

Cluster25 has recently identified renewed activity from the advanced persistent threat (APT) group NAIKON (aka Override Panda), targeting countries in the Association of Southeast Asian Nations (ASEAN). One observed intrusion begins with a phishing email carrying a document whose malicious VBA code writes executables to the temp folder; the chain ends with a beacon built with Viper, an open-source offensive security framework, being injected into svchost.exe. Consistent with the group's past activity, its targets are foreign affairs, government, military, science, and technology organizations, and its target selection aligns with Chinese interests. Its campaigns focus on intelligence collection and espionage.

  • Anvilogic Use Cases:
    • Malicious Document Execution
    • Executable Process from Suspicious Folder
    • Rare Remote Thread
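The three use cases above map directly onto the stages of the described chain (Office macro spawns a dropped executable, the executable runs from a temp folder, the executable creates a remote thread in svchost.exe). The following is an added example, not Anvilogic's or Cluster25's detection content: a small Python pass over constructed Sysmon-style events (Event ID 1 process creation and Event ID 8 CreateRemoteThread; the field names, hostnames and paths are assumptions made for the example) that implements each check and then correlates them per host, so that a dropped binary which both runs from temp and injects into svchost.exe stands out from the individual, noisier alerts.

```python
"""Toy detection pass for the NAIKON-style chain over constructed Sysmon-like events.

Constructed sample data: the events, hosts and paths below are invented for this
example. Field names loosely follow Sysmon Event ID 1 (ProcessCreate) and
Event ID 8 (CreateRemoteThread); they are an assumption, not a real log schema.
"""
from collections import defaultdict

OFFICE_PROCS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Children an Office app has little business spawning, regardless of where they live.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
TRUSTED_DIRS = ("\\program files", "\\windows\\")

EVENTS = [  # constructed sample log; one benign workstation session plus one infection
    {"id": 1, "host": "ws01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    # Macro drops and runs an executable from the user's temp folder.
    {"id": 1, "host": "ws01", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"id": 1, "host": "ws02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\7-Zip\7zG.exe"},
    # Benign: Word printing spawns the 32/64-bit print spooler helper.
    {"id": 1, "host": "ws02", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe"},
    # Dropped executable injects into svchost.exe (the beacon stage).
    {"id": 8, "host": "ws01", "source": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "target": r"C:\Windows\System32\svchost.exe"},
    # Constructed baseline noise: the same source/target pair seen on several hosts.
    {"id": 8, "host": "ws03", "source": r"C:\Windows\System32\csrss.exe",
     "target": r"C:\Windows\System32\svchost.exe"},
    {"id": 8, "host": "ws04", "source": r"C:\Windows\System32\csrss.exe",
     "target": r"C:\Windows\System32\svchost.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def in_suspicious_dir(path):
    return any(d in path.lower() for d in SUSPICIOUS_DIRS)


def in_trusted_dir(path):
    return any(d in path.lower() for d in TRUSTED_DIRS)


def malicious_document_execution(events):
    """Office application spawning a script host or a binary outside trusted install dirs."""
    return [e for e in events if e["id"] == 1
            and basename(e["parent"]) in OFFICE_PROCS
            and (basename(e["image"]) in SCRIPT_HOSTS or not in_trusted_dir(e["image"]))]


def executable_from_suspicious_folder(events):
    """Any process whose image lives in a temp folder."""
    return [e for e in events if e["id"] == 1 and in_suspicious_dir(e["image"])]


def rare_remote_thread(events, min_hosts=2):
    """CreateRemoteThread source/target pairs seen on fewer than min_hosts hosts.

    Rarity is measured across the supplied events; in production this would be
    a baseline window rather than the alert window itself.
    """
    hosts_per_pair = defaultdict(set)
    for e in events:
        if e["id"] == 8:
            hosts_per_pair[(basename(e["source"]), basename(e["target"]))].add(e["host"])
    rare = {pair for pair, hosts in hosts_per_pair.items() if len(hosts) < min_hosts}
    return [e for e in events if e["id"] == 8
            and (basename(e["source"]), basename(e["target"])) in rare]


def correlate(events):
    """Hosts where a temp-folder executable is also the source of a rare remote thread."""
    dropped = {(e["host"], e["image"].lower()) for e in executable_from_suspicious_folder(events)}
    return sorted({e["host"] for e in rare_remote_thread(events)
                   if (e["host"], e["source"].lower()) in dropped})


if __name__ == "__main__":
    for name, fn in [("Malicious Document Execution", malicious_document_execution),
                     ("Executable Process from Suspicious Folder", executable_from_suspicious_folder),
                     ("Rare Remote Thread", rare_remote_thread)]:
        print(name, [(e["host"], basename(e.get("image", e.get("source")))) for e in fn(EVENTS)])
    print("Correlated hosts:", correlate(EVENTS))
```

The splwow64.exe event shows why the first check allowlists trusted install directories rather than flagging every Office child, and the csrss.exe pairs show why the remote-thread check keys on rarity rather than on the svchost.exe target alone, which is a very common injection target in benign telemetry. The correlation step is the part worth keeping: any one of the three signals is noisy on its own, but a binary that is dropped into temp by an Office process and then creates a remote thread in svchost.exe on the same host is the chain described above.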