"Security is a culture"
Wednesday, February 20, 2013
Exposing One of China's Cyber Espionage Units
Analysis has led us to conclude that APT1 is likely government-sponsored
and one of the most persistent of China's cyber threat actors. The scale and
impact of APT1's operations compelled us to write this report. In an attempt to
bolster defenses against APT1 operations, Mandiant is also releasing more than
3,000 indicators as part of the appendix to this report, which can be used with
our free tools and our commercial products to search for signs of APT attack
activity.
Highlights of the report include:
- APT1 is believed to be the 2nd Bureau of the People’s Liberation Army
  (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly
  known by its Military Unit Cover Designator (MUCD) as Unit 61398.
- APT1 has systematically stolen hundreds of terabytes of data from at
  least 141 organizations.
- APT1 focuses on compromising organizations across a broad range of
  industries in English-speaking countries.
- APT1 maintains an extensive infrastructure of computer systems around
- In over 97% of the 1,905 times Mandiant observed APT1 intruders
  connecting to their attack infrastructure, APT1 used IP addresses registered in
  Shanghai and systems set to use the Simplified Chinese language.
- The size of APT1’s infrastructure implies a large organization with at
  least dozens, but potentially hundreds of human operators.
- In an effort to underscore that there are actual individuals behind the
  keyboard, Mandiant is revealing three personas that are associated with APT1
- Mandiant is releasing more than 3,000 indicators to bolster defenses
  against APT1 operations.