APT30
Overview
APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.
Targets
Government
Regions
India · Malaysia · Saudi Arabia · South Korea · Thailand · United States · Vietnam
Capabilities
- Custom malware/implant development — ATT&CK: 5 attributed custom malware families
TTPs — 2 techniques across 2 tactics
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1204.002 Malicious File
Tools & malware (5)
SHIPSHAPE · BACKSPACE · FLASHFLOOD · NETEAGLE · SPACESHIP
Reporting (2)
- The Naikon APT — Baumgartner, K., Golovkin, M.
- APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION — FireEye Labs