Naikon APT is still active in the APAC region.
Check Point uncovered an ongoing cyberespionage campaign run by the China-associated Naikon APT against at least seven national governments in the Asia Pacific. The operation has focused on "ministries of foreign affairs, science and technology ministries, as well as government-owned companies" located in Australia, Brunei, Indonesia, Myanmar, the Philippines, Thailand, and Vietnam. The group's activities include "locating and collecting specific documents from infected computers and networks within government departments" and "extracting data from removable drives, taking screenshots and keylogging, and of course harvesting the stolen data for espionage."
ThreatConnect and Defense Group released a report in 2015 linking Naikon to Unit 78020 of the PLA's Chengdu Military Region Second Technical Reconnaissance Bureau, which is responsible for "regional computer network operations, signals intelligence, and political analysis of the Southeast Asian border nations, particularly those claiming disputed areas of the energy-rich South China Sea." Following ThreatConnect's publication, Naikon apparently retooled and turned to stealthier tactics, allowing it to stay off the radar for five years.
Check Point says Naikon is using a previously unobserved remote access Trojan dubbed "Aria-body," which contains code overlap with a Naikon backdoor described by Kaspersky in 2015. The hackers use their access to compromised networks to launch spearphishing attacks against additional government entities, and they configure their victims' servers to act as command-and-control servers.