

APT1: Exposing One of China's Cyber Espionage Units - NelsonMinar
http://intelreport.mandiant.com/

======
Our analysis has led us to conclude that APT1 is likely government-sponsored
and one of the most persistent of China's cyber threat actors. The scale and
impact of APT1's operations compelled us to write this report. In an attempt
to bolster defenses against APT1 operations, Mandiant is also releasing more
than 3,000 indicators as part of the appendix to this report, which can be
used with our free tools and our commercial products to search for signs of
APT attack activity.

Highlights of the report include:

- APT1 is believed to be the 2nd Bureau of the People's Liberation Army (PLA)
  General Staff Department's (GSD) 3rd Department, which is most commonly known
  by its Military Unit Cover Designator (MUCD) as Unit 61398.
- APT1 has systematically stolen hundreds of terabytes of data from at least
  141 organizations.
- APT1 focuses on compromising organizations across a broad range of
  industries in English-speaking countries.
- APT1 maintains an extensive infrastructure of computer systems around the
  world.
- In over 97% of the 1,905 times Mandiant observed APT1 intruders connecting
  to their attack infrastructure, APT1 used IP addresses registered in Shanghai
  and systems set to use the Simplified Chinese language.
- The size of APT1's infrastructure implies a large organization with at least
  dozens, but potentially hundreds of human operators.
- In an effort to underscore that there are actual individuals behind the
  keyboard, Mandiant is revealing three personas that are associated with APT1
  activity.
- Mandiant is releasing more than 3,000 indicators to bolster defenses against
  APT1 operations.

