Naikon APT Linked to Chinese Army Unit 78020

A notorious APT group responsible for countless cyber-espionage raids on targets in south-east Asia over the past five years has been linked for the first time to the Chinese military.

In a new report, ThreatConnect and Defense Group Inc (DGI) combine technical analysis with Chinese language research and expertise to arrive at the conclusion that Naikon is heavily linked to the PLA Chengdu Military Region (MR) Second Technical Reconnaissance Bureau (TRB) Military Unit Cover Designator (MUCD) 78020.

This army unit is based in Kunming, the capital of Yunnan province, and has a remit of conducting cyber-espionage against south-east Asian military, diplomatic, and economic targets as well as ASEAN and the UN Development Programme, the report claimed.

Analysis of the C&C infrastructure used in the campaign so far revealed “a strong nexus to the city of Kunming,” it added.

But more damning than that, the researchers analyzed one domain which regularly appeared during Naikon raids: “greensky27.vicp.net.”

Further research found many social media accounts with the user name GreenSky27, linked to a Chinese national living in Kunming called Ge Xing.

He is identified as a member of PLA Unit 78020 “notably evidenced by his public academic publications and routine physical access to the PLA compound,” the report revealed.

What’s more, he is said to specialize in south-east Asian politics.

“In eight individual cases, notable overlaps of Ge Xing’s pattern of life activities would match patterns identified within five years of greensky27.vicp.net infrastructure activity,” the report continued.

The five-year long Naikon APT campaign supports China’s interest in the resource-rich South China Sea region by allowing it to capture intelligence on key regional powers.

This part of Asia has already been the subject of fierce maritime disputes between China and neighbors including Vietnam and the Philippines.

As the PRC has already shown with its aggressive construction of military installations on reclaimed land in the SCS, China is pushing ahead relentlessly with plans to become the dominant power in the region.
