Few weeks after the discovery of the sophisticated cyber espionage campaign against principal US media The Mandiant® Intelligence Center™ released an shocking report that reveals an enterprise-scale computer espionage campaign dubbed APT1. The term APT1 is referred to one of the numerous cyber espionage campaign that stolen the major quantity of information all over the world.
The evidences collected by the security experts link APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398) but what is really impressive is that the operation have been started in the distant 2006 targeting 141 victims across multiple industries.
During the attacks the attackers have took over APT1 malware families and has revealed by the report APT1′s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
The Mandiant has also identified more than 3,000 indicators to improve defenses against APT1 operations and is releasing a specific document that will address them including APT1 indicators such as domain names, IP addresses, and MD5 hashes of malware.
APt1 has systematically stolen hundreds of terabytes of data from victim organizations and has demonstrated the capability and intent to steal from dozens of organizations simultaneously. APT1 is a persistent collector, once APT1 has established access, they periodically access to victim’s network stealing sensible information and intellectual property for a long time, typically maintaining access to victim networks for an average of 356 days.
The longest time period APT1 maintained access to a victim’s network was 1,764 days, or four years and ten months.
Mandiant managers have decided to make an exception to its traditional non-disclosure policy due the risks related to the imposing cyber espionage campaign and its impact on global economy, many states and related industries are victims of the offensive.
Following a meaningful declaration of the security firm:
“It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively. The issue of attribution has always been a missing link in the public’s understanding of the landscape of APT cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns. We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.”
The cyber war has started a long time ago!