Naikon
Active
 
Trojan, Backdoor, Remote administration tool
2011
 
Windows
2009
 
101-500
TOP TARGETED COUNTRIES:
Vietnam, Cambodia, Indonesia, Malaysia, China, Philippines, Myanmar, Singapore, Nepal, Thailand, Lao People's Democratic Republic
  • Social engineering
  • Exploits
  • Cyberespionage
  • Surveillance
  • Remote control
  • Each target country has a designated human operator, whose job it is to take advantage of cultural aspects of the country, such as a tendency to use personal email accounts for work
  • The placing of infrastructure (a proxy server) within the country’s borders to provide daily support for real-time connections and data exfiltration
  • At least five years of high-volume, high-profile geopolitical attack activity
  • Platform-independent code, and the ability to intercept the entire network traffic
  • 48 commands in the repertoire of the remote administration utility, including commands for taking a complete inventory, downloading and uploading data, installing add-on modules, or working with the command line
  • Private companies
  • Government entities
  • Military
  • Naikon attackers appear to be Chinese-speaking (several indicators point to this, such as the remote administration tool's admin and Honker Union code)
The blog post and research paper are available at Securelist.com