Virus Type: Advanced Persistent Threat (APT)

What is Naikon?

Naikon is a threat actor that appears to be Chinese-speaking. Its primary targets are top-level government agencies and civil and military organizations.  Naikon is one of the most active APTs in Asia, especially around the South China Sea, and has been spying on entities in the area for around five years, since at least 2010.

Who are the victims of these attacks?

Kaspersky Lab has detected Naikon malware in the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China.

Am I at risk?

Naikon’s targets are hit using traditional spear-phishing techniques, with emails carrying attachments designed to be of interest to the potential victim. This attachment might look like a Word document, but is in fact an executable file with a double extension. You might be a target of Naikon if the following risk factors are familiar to you:

Risk factors:

  • If you work for/with governments/military in APAC
  • You possess valuable information
  • If you receive and read hundreds of emails, open attachments

Are normal consumers at risk?

We haven’t seen the Naikon group attacking ordinary consumers, however the malware used by the group could easily be turned against anyone running Windows and using email.. Basically, if someone is connected with an individual of interest to the Naikon APT, they could be targeted.

How can I protect myself?

  • Don’t open attachments and links from people you don’t know
  • Use an advanced anti-malware solution
  • If you are unsure about the attachment, try to open it in a sandbox
  • Make sure you have an up-to-date version of your operating system with all patches installed