Mandiant® - Detect. Respond. Contain.

Press Releases

Mandiant Releases Report Exposing One of China’s Cyber Espionage Groups

Release of 3,000 Indicators Bolsters Defenses Against Cyber Espionage Tactics by APT1

Alexandria, VA

Mandiant®, the leader in advanced threat detection and response solutions, today released a detailed report exposing a multi-year espionage campaign by one of the largest “Advanced Persistent Threat” (APT) groups. The report, “APT1: Exposing One of China’s Cyber Espionage Units”, provides evidence linking one group, designated by Mandiant as APT1, to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398) and details how it has systematically stolen confidential data from at least 141 organizations across multiple industries.

“APT1 is among dozens of threat groups Mandiant tracks around the world, and one of more than twenty attributed to China that are engaged in computer intrusion activities,” said Kevin Mandia, Mandiant’s chief executive officer. “Given the sheer amount of data this particular group has stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses.” 

In addition to the report, Mandiant is releasing more than 3,000 APT1 indicators to expose and degrade APT1’s infrastructure and allow organizations to bolster their defenses against APT1’s arsenal of digital weapons. The indicators released in conjunction with the report include domain names, MD5 hashes of malware and X.509 encryption certificates.


Mandiant’s MCIRT® Managed Defense customers and organizations that have licensed its enterprise-class incident response platform, Mandiant Intelligent Response®, have had previous access to the APT1 indicators released today. With the release of the report, Mandiant is making a set of the APT1 indicators available in the OpenIOC format so they can also be used in conjunction with Redline™, Mandiant’s free host-based investigative tool.
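The paragraphs above describe the indicator types being released (domain names, MD5 hashes of malware, X.509 certificates) and the OpenIOC format they are published in. As an added illustration of how a defender would consume such a set, and not code from Mandiant or from the APT1 release, the block below parses a small OpenIOC 1.0 document and matches its indicator items against a handful of log events. The indicator values, the log events, and the `FIELD_MAP` that ties OpenIOC `search` keys to event fields are all constructed for this example; the `FileItem/Md5sum` and `Network/DNS` keys follow the OpenIOC 1.0 schema, while `Network/SSLCertSerial` is a hypothetical key standing in for whatever certificate attribute a given feed uses.

```python
"""Parse a small OpenIOC 1.0 document and match its items against log events.

Added example: the indicator values and log lines are constructed placeholders,
not indicators from the APT1 release.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# OpenIOC 1.0 default namespace.
NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed OpenIOC document. The layout follows OpenIOC 1.0; every value is a placeholder.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="00000000-0000-0000-0000-000000000001" last-modified="2013-02-18T00:00:00">
  <short_description>Constructed example indicators</short_description>
  <definition>
    <Indicator operator="OR" id="00000000-0000-0000-0000-000000000002">
      <IndicatorItem id="00000000-0000-0000-0000-000000000003" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">0cc175b9c0f1b6a831c399e269772661</Content>
      </IndicatorItem>
      <IndicatorItem id="00000000-0000-0000-0000-000000000004" condition="is">
        <Context document="Network" search="Network/DNS" type="mir"/>
        <Content type="string">example-bad-domain.invalid</Content>
      </IndicatorItem>
      <IndicatorItem id="00000000-0000-0000-0000-000000000005" condition="is">
        <Context document="Network" search="Network/SSLCertSerial" type="mir"/>
        <Content type="string">00AA11BB22CC</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>
"""

# Maps OpenIOC search keys to the field names used in our constructed log events.
# "Network/SSLCertSerial" is a hypothetical key, used here only for illustration.
FIELD_MAP = {
    "FileItem/Md5sum": "md5",
    "Network/DNS": "domain",
    "Network/SSLCertSerial": "cert_serial",
}


def parse_openioc(xml_text):
    """Return (search_key, condition, value) triples for every IndicatorItem in the document."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iterfind(".//ioc:IndicatorItem", NS):
        ctx = item.find("ioc:Context", NS)
        content = item.find("ioc:Content", NS)
        if ctx is None or content is None or not content.text:
            continue
        # Normalise to lower case so hash and hostname case differences never hide a match.
        items.append((ctx.get("search"), item.get("condition", "is"), content.text.strip().lower()))
    return items


def build_index(items):
    """Group indicator values by the log field they apply to; unknown keys are skipped."""
    index = defaultdict(set)
    for search, condition, value in items:
        field = FIELD_MAP.get(search)
        if field is None or condition not in ("is", "contains"):
            continue
        index[field].add((condition, value))
    return index


def match_event(event, index):
    """Return the (field, indicator) pairs from the index that this event satisfies."""
    hits = []
    for field, rules in index.items():
        observed = event.get(field)
        if observed is None:
            continue
        observed = observed.lower()
        for condition, value in rules:
            if (condition == "is" and observed == value) or (condition == "contains" and value in observed):
                hits.append((field, value))
    return hits


# Constructed log events: a DNS lookup, a file hash from an endpoint agent, a benign event, a TLS session.
SAMPLE_EVENTS = [
    {"id": "evt-1", "domain": "example-bad-domain.invalid"},
    {"id": "evt-2", "md5": "0CC175B9C0F1B6A831C399E269772661"},
    {"id": "evt-3", "domain": "benign.example", "md5": "d41d8cd98f00b204e9800998ecf8427e"},
    {"id": "evt-4", "cert_serial": "00aa11bb22cc"},
]


def scan(events, xml_text):
    """Return [(event_id, hits)] for every event that matches at least one indicator."""
    index = build_index(parse_openioc(xml_text))
    results = []
    for event in events:
        hits = match_event(event, index)
        if hits:
            results.append((event["id"], hits))
    return results


if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS, SAMPLE_IOC):
        print(event_id, hits)
```

The point of the `FIELD_MAP` indirection is that an OpenIOC feed names indicators by schema path, while your telemetry names them by whatever your proxy, DNS resolver or endpoint agent emits; keeping that mapping in one place is what lets the same indicator set be reused across log sources. Matching is case-insensitive because hash and hostname case varies between tools, and only the `is` and `contains` conditions are implemented, so items with other conditions are deliberately ignored rather than silently mis-evaluated.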

Additional highlights of the report include:

  • Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398).
  • A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
  • APT1’s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
  • The timeline and details of over 40 APT1 malware families.
  • The timeline and details of APT1’s extensive attack infrastructure.

The full report, the indicators and a video detailing APT1 intrusion tactics and attacker activity can be accessed at http://www.mandiant.com/apt1.

About MANDIANT

Mandiant is the leader in security incident response management solutions. Headquartered in Alexandria, Virginia, with offices in New York, Los Angeles, San Francisco, London, Dublin and Reston, Virginia, Mandiant provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and the world’s leading law firms. The authors of 12 books and quoted frequently by leading media organisations, Mandiant security consultants and engineers hold top government security clearances, certifications and advanced degrees from some of the most prestigious computer science universities. To learn more about Mandiant visit www.mandiant.com, read the company blog, M-unition™, follow on Twitter @Mandiant or Facebook at www.facebook.com/mandiantcorp.