Naikon (aka Override Panda, Lotus Panda, or Hellsing) has a track record of targeting government entities in the Asia-Pacific (APAC) region in search of geopolitical intelligence. Although the group was initially assumed to have gone off the radar after it was first exposed in 2015, evidence to the contrary emerged last May, when the adversary was spotted using a new backdoor called "Aria-Body" to stealthily break into networks and leverage the compromised infrastructure as a command-and-control (C2) server to launch additional attacks against other organizations. The new wave of attacks employed RainyDay as the primary backdoor, with the actors using it to conduct reconnaissance, deliver additional payloads, perform lateral movement across the network, and exfiltrate sensitive information.
https://labs.bitdefender.com/2021/04/new-nebulae-backdoor-linked-with-the-naikon-group/