Project CameraShy: Closing the Aperture on China's Unit 78020

China is aggressively claiming territory deeper into the South China Sea, threatening economic and political stability in Southeast Asia and beyond. The territorial activity is accompanied by high-tempo cyber espionage, malware attacks, malicious attachments, and spear phishing directed at Southeast Asian military, diplomatic, and economic targets.

ThreatConnect®, in partnership with Defense Group Inc., has attributed the targeted cyber espionage infrastructure activity associated with the “Naikon” Advanced Persistent Threat (APT) group to a specific unit of the Chinese People’s Liberation Army (PLA). Our assessment is based on technical analysis of Naikon threat activity and native language research on a PLA officer within Unit 78020.

Project CameraShy takes readers through our intelligence analysis, pivot by pivot, as we connect the dots using the Diamond Model of Intrusion Analysis. 

Below are the document checksums for Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf:

MD5: b12f118840d0aa0d5ab2fb9aa052ede3
SHA1: dbd710751a6c32ba91401fb5e5623f46b4d2475f
SHA256: da6b105f1e58f860ce67b2ad2db7b15ff7b637cfb37f7d0680a20eb633bcc741