Project CameraShy:

Closing the Aperture on China’s Unit 78020

China is aggressively claiming territory deeper into the South China Sea, threatening economic and political stability in the Southeast Asia and beyond. The territorial activity is accompanied by high-tempo cyber espionage and malware attacks, malicious attachments and spear phishing, directed at Southeast Asian military, diplomatic, and economic targets.

ThreatConnect®, in partnership with Defense Group Inc., has attributed the targeted cyber espionage infrastructure activity

associated with the “Naikon” Advanced Persistent Threat (APT) group to a specific unit of the Chinese People’s Liberation Army (PLA). Our assessment is based on technical analysis of Naikon threat activity and native language research on a PLA officer within Unit 78020.

Project CameraShy takes readers through our intelligence analysis, pivot by pivot, as we connect the dots using the Diamond Model of Intrusion Analysis.

Below are the document checksums for Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf
MD5: b12f118840d0aa0d5ab2fb9aa052ede3
SHA1: dbd710751a6c32ba91401fb5e5623f46b4d2475f
SHA256: da6b105f1e58f860ce67b2ad2db7b15ff7b637cfb37f7d0680a20eb633bcc741

Explore the Intelligence In-Depth

Once you’ve read the CameraShy report, visit our Resources page to explore the intelligence in greater detail. Browse interactive maps of threat infrastructure, view interactive timelines of threat activities and see how we connected the dots using the Diamond Model of Intrusion Analysis. Discover how ThreatConnect’s Threat Intelligence Platform brought together a community of intelligence professionals to uncover and intercept this global cyber threat.