New Security Report Indicates China's Cyber Espionage Efforts Targeted Infrastructure
Mandiant, a leading threat detection organization, released a detailed report exposing a multi-year espionage campaign by one of the largest “Advanced Persistent Threat” (APT) groups. The report, “APT1: Exposing One of China’s Cyber Espionage Units”, provides evidence linking one group, designated by Mandiant as APT1, to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398) and details how it has systematically stolen confidential data from at least 141 organizations across multiple industries.
“APT1 is among dozens of threat groups Mandiant tracks around the world, and one of more than twenty attributed to China that are engaged in computer intrusion activities,” said Kevin Mandia, Mandiant’s chief executive officer. “Given the sheer amount of data this particular group has stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses.”
In addition to the report, Mandiant is releasing more than 3,000 APT1 indicators to expose and degrade APT1’s infrastructure and allow organizations to bolster their defenses against APT1’s arsenal of digital weapons. The indicators released in conjunction with the report include domain names, MD5 hashes of malware samples and X.509 certificates.
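The three indicator types named above are only useful once they are matched against what an organization actually collects: DNS query logs for the domains, file hashes for the MD5s, and server certificate fingerprints for the X.509 certificates. The following is an added example of that matching logic, not code from Mandiant or from the report's indicator files; every domain, hash and certificate byte string in it is a constructed placeholder (reserved `.invalid`/`.example` names, hashes computed from inline sample bytes), and the log format is an assumed one-line-per-query layout.

```python
"""Match a released indicator set (domains, MD5s, certificate fingerprints)
against locally collected artefacts.

All indicators and inputs are constructed placeholders for illustration;
none are values from the APT1 report.
"""
import hashlib
import re

# Constructed indicator domains. Reserved TLDs are used so nothing here
# resolves; a real deployment would load the report's indicator files.
IOC_DOMAINS = {"update-server.invalid", "news-portal.example"}

# Constructed sample bytes; the MD5 indicator is derived from them so the
# example is self-consistent rather than quoting any real malware hash.
SAMPLE_BENIGN = b"MZ\x90\x00constructed benign binary, not malware\n"
SAMPLE_MALICIOUS = b"MZ\x90\x00constructed stand-in for a malicious sample\n"
IOC_MD5 = {hashlib.md5(SAMPLE_MALICIOUS).hexdigest()}

# Constructed stand-in for the DER bytes of a certificate seen on attacker
# infrastructure; it is matched by SHA-1 fingerprint of the DER encoding.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00constructed DER stand-in"
IOC_CERT_SHA1 = {hashlib.sha1(SAMPLE_CERT_DER).hexdigest()}

# Constructed DNS query log in an assumed key=value layout.
DNS_LOG = """\
client=10.0.0.5 query=www.update-server.invalid. type=A
client=10.0.0.9 query=mail.corp.example.com. type=A
client=10.0.0.7 query=notupdate-server.invalid. type=A
client=10.0.0.5 query=NEWS-PORTAL.EXAMPLE. type=A
"""
QUERY_RE = re.compile(r"client=(\S+) query=(\S+) type=(\S+)")


def normalize_host(host: str) -> str:
    """Lower-case and drop the trailing dot that DNS logs often carry."""
    return host.strip().lower().rstrip(".")


def domain_hit(host: str, ioc_domains=IOC_DOMAINS):
    """Return the matching indicator if host equals it or is a subdomain.

    Matching on whole labels (not substrings) is what keeps
    'notupdate-server.invalid' from hitting 'update-server.invalid'.
    """
    h = normalize_host(host)
    for ioc in ioc_domains:
        if h == ioc or h.endswith("." + ioc):
            return ioc
    return None


def scan_dns_log(text: str):
    """Return (client, queried_name, matched_indicator) for each hit."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # skip lines that do not carry a query
        client, qname, _qtype = m.groups()
        ioc = domain_hit(qname)
        if ioc:
            hits.append((client, normalize_host(qname), ioc))
    return hits


def scan_files(files: dict):
    """files maps path -> bytes (read from disk in practice).

    MD5 indicators are exact-match only: a recompiled or repacked sample
    will not hit, which is why they complement rather than replace the
    network indicators.
    """
    hits = []
    for path, data in files.items():
        digest = hashlib.md5(data).hexdigest()
        if digest in IOC_MD5:
            hits.append((path, digest))
    return hits


def cert_fingerprint(der: bytes) -> str:
    """SHA-1 fingerprint of a DER-encoded certificate, hex encoded."""
    return hashlib.sha1(der).hexdigest()


def scan_certs(certs: dict):
    """certs maps server -> DER bytes captured from a TLS handshake."""
    return [
        (server, cert_fingerprint(der))
        for server, der in certs.items()
        if cert_fingerprint(der) in IOC_CERT_SHA1
    ]


if __name__ == "__main__":
    print(scan_dns_log(DNS_LOG))
    print(scan_files({"a.exe": SAMPLE_BENIGN, "b.exe": SAMPLE_MALICIOUS}))
    print(scan_certs({"203.0.113.10:443": SAMPLE_CERT_DER}))
```

The domain check deliberately normalizes case and the trailing dot and matches on label boundaries; a plain substring search would both miss `NEWS-PORTAL.EXAMPLE.` and falsely flag `notupdate-server.invalid`. The certificate match uses the fingerprint of the DER bytes, so it also catches the same certificate reused on a server whose hostname is not in the domain list.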
Additional highlights of the report include:
- Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398).
- A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
- APT1’s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
- The timeline and details of over 40 APT1 malware families.
- The timeline and details of APT1’s extensive attack infrastructure.
The full report, the indicators and a video detailing APT1 intrusion tactics and attacker activity can be accessed at http://www.mandiant.com/apt1.
ABOUT MANDIANT
Mandiant is the leader in advanced threat detection and response solutions. Headquartered in Alexandria, Virginia, with offices in New York, Los Angeles, San Francisco and Reston, Virginia, Mandiant provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and the world’s leading law firms. The authors of 12 books and quoted frequently by leading media organizations, Mandiant security consultants and engineers hold top government security clearances and certifications and advanced degrees from some of the most prestigious computer science universities. To learn more about Mandiant visit www.mandiant.com, read the company blog, M-unition™ http://blog.mandiant.com, follow on Twitter @Mandiant or Facebook at www.facebook.com/mandiantcorp.
