APT / THREAT GROUP🕵️ ESPIONAGE

Naikon

🇨🇳China-attributed
10
aliases
Last seen:Mar 17, 2026

Intelligence Profile

[Naikon](https://attack.mitre.org/groups/G0019) is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, [Naikon](https://attack.mitre.org/groups/G0019) has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While [Naikon](https://attack.mitre.org/groups/G0019) shares some characteristics with [APT30](https://attack.mitre.org/groups/G0013), the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

Threat Analysis

Naikon is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

External References

Quick Facts

TypeAPT / Threat Group
Motivation🕵️ espionage
Origin🇨🇳 China
Aliases10
SourceMalpedia

Also Known As

G0013CamerashyBRONZE GENEVABRONZE STERLINGOVERRIDE PANDAG0019win.naikonPLA Unit 78020SactoNaikon

External Intelligence

Malpedia: win.naikon

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.