Virus Type: Advanced Persistent Threat (APT)
Naikon is a threat actor that appears to be Chinese-speaking. Its primary targets are top-level government agencies and civil and military organizations. Naikon is one of the most active APTs in Asia, especially around the South China Sea, and has been spying on entities in the area for around five years, since at least 2010.
Kaspersky Lab has detected Naikon malware in the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China.
Naikon’s targets are hit using traditional spear-phishing techniques, with emails carrying attachments designed to be of interest to the potential victim. This attachment might look like a Word document, but is in fact an executable file with a double extension. You might be a target of Naikon if the following risk factors are familiar to you:
We haven’t seen the Naikon group attacking ordinary consumers, however the malware used by the group could easily be turned against anyone running Windows and using email.. Basically, if someone is connected with an individual of interest to the Naikon APT, they could be targeted.