VERY IMPORTANT

NAIKON is a threat actor that has been active for more than a decade. Likely tied with China, the group focuses on high profile targets such as government agencies and military organizations in the South Asia region. The purpose of this report is to provide details about tactics, techniques and procedures, as well as tools and infrastructure information of the attackers. The findings reveal their strategy to remain stealthy by mimicking legitimate applications that are running on individual infected machines. The collected evidence suggest that the aim of the APT group was espionage and data exfiltration.