Press Releases

Mandiant Releases Report Exposing One of China’s Cyber Espionage Groups

Release of 3,000 Indicators Bolsters Defenses Against Cyber Espionage Tactics by APT1

Alexandria, VA

Mandiant®, the leader in advanced threat detection and response solutions, today released a detailed report exposing a multi-year espionage campaign by one of the largest “Advanced Persistent Threat” (APT) groups. The report, “APT1: Exposing One of China’s Cyber Espionage Units”, provides evidence linking one group, designated by Mandiant as APT1, to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398) and details how it has systematically stolen confidential data from at least 141 organizations across multiple industries.

“APT1 is among dozens of threat groups Mandiant tracks around the world, and one of more than twenty attributed to China that are engaged in computer intrusion activities,” said Kevin Mandia, Mandiant’s chief executive officer. “Given the sheer amount of data this particular group has stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses.” 

In addition to the report, Mandiant is releasing more than 3,000 APT1 indicators to expose and degrade APT1’s infrastructure and allow organizations to bolster their defenses against APT1’s arsenal of digital weapons. The indicators released in conjunction with the report include domain names, MD5 hashes of malware and X.509 certificates.

Mandiant’s MCIRT® Managed Defense customers and organizations that have licensed its enterprise-class incident response platform, Mandiant Intelligent Response®, already had access to the APT1 indicators released today. With the release of the report, Mandiant is making a set of the APT1 indicators available in the OpenIOC format so they can also be used in conjunction with Redline™, Mandiant’s free host-based investigative tool.
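OpenIOC 1.0 packages indicators as an XML document: an <ioc> root, a <definition>, and inside it nested <Indicator operator="AND|OR"> nodes whose leaves are <IndicatorItem> elements pairing a <Context search="..."> term (for example FileItem/Md5sum or DnsEntryItem/Host) with a <Content> value. The following is an added example, not Mandiant's, Redline's or MIR's code, showing how such a document can be evaluated against a snapshot of what was observed on a host. The IOC and host data are constructed for illustration: the MD5 is that of the string "hello", the domain is under the reserved .invalid TLD, and none of the values are APT1 indicators.

```python
"""Evaluate an OpenIOC 1.0 indicator document against a host snapshot.

Added example; not Mandiant's, Redline's or MIR's code. The IOC below is
constructed for illustration and contains no real APT1 indicators.
"""
import hashlib
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed OpenIOC 1.0 document. Indicator values are placeholders:
# the MD5 is that of the string "hello", the domain is under .invalid.
SAMPLE_IOC = """\
<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="00000000-0000-4000-8000-000000000001" last-modified="2013-02-18T00:00:00">
  <short_description>Constructed example indicator (not APT1)</short_description>
  <authored_by>example</authored_by>
  <definition>
    <Indicator operator="OR" id="00000000-0000-4000-8000-000000000002">
      <IndicatorItem id="00000000-0000-4000-8000-000000000003" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">5d41402abc4b2a76b9719d911017c592</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="00000000-0000-4000-8000-000000000004">
        <IndicatorItem id="00000000-0000-4000-8000-000000000005" condition="contains">
          <Context document="DnsEntryItem" search="DnsEntryItem/Host" type="mir"/>
          <Content type="string">c2.example.invalid</Content>
        </IndicatorItem>
        <IndicatorItem id="00000000-0000-4000-8000-000000000006" condition="is">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">update.exe</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def build_snapshot(files, dns_hosts):
    """Flatten constructed host observations into {search_term: [values]}."""
    snap = {"FileItem/FileName": [], "FileItem/Md5sum": [], "DnsEntryItem/Host": []}
    for name, data in files:
        snap["FileItem/FileName"].append(name)
        snap["FileItem/Md5sum"].append(hashlib.md5(data).hexdigest())
    snap["DnsEntryItem/Host"].extend(dns_hosts)
    return snap


def _local(tag):
    """Strip the namespace from an ElementTree tag ('{ns}Indicator' -> 'Indicator')."""
    return tag.rsplit("}", 1)[-1]


def _item_matches(item, snapshot, hits):
    """Evaluate one IndicatorItem; supports the 'is' and 'contains' conditions."""
    search = item.find("ioc:Context", NS).get("search")
    wanted = (item.find("ioc:Content", NS).text or "").strip().lower()
    cond = item.get("condition", "is")
    observed = [v.lower() for v in snapshot.get(search, [])]
    if cond == "is":
        hit = wanted in observed
    elif cond == "contains":
        hit = any(wanted in v for v in observed)
    else:
        raise ValueError(f"unsupported condition: {cond!r}")
    if hit:
        hits.append(f"{search}={wanted}")
    return hit


def _indicator_matches(node, snapshot, hits):
    """Recursively evaluate an Indicator node as AND/OR over its children."""
    results = []
    for child in node:
        tag = _local(child.tag)
        if tag == "IndicatorItem":
            results.append(_item_matches(child, snapshot, hits))
        elif tag == "Indicator":
            results.append(_indicator_matches(child, snapshot, hits))
    if not results:
        return False
    return all(results) if node.get("operator", "OR").upper() == "AND" else any(results)


def evaluate_ioc(xml_text, snapshot):
    """Return {"match": bool, "item_hits": [...]} for one OpenIOC document.

    item_hits lists every IndicatorItem that matched, including ones inside an
    unsatisfied AND, which is useful as partial-match leads during triage.
    Simplification: each item is tested against the whole host snapshot, so an
    AND across FileItem terms is satisfied even when the values come from
    different files; Redline evaluates same-document ANDs per item.
    """
    root = ET.fromstring(xml_text)
    definition = root.find("ioc:definition", NS)
    hits = []
    matched = False
    for ind in definition.findall("ioc:Indicator", NS):
        # evaluate every top-level Indicator so hits are complete, not short-circuited
        matched = _indicator_matches(ind, snapshot, hits) or matched
    return {"match": matched, "item_hits": hits}


if __name__ == "__main__":
    clean = build_snapshot([("notepad.exe", b"not malware")], ["www.example.com"])
    suspect = build_snapshot([("update.exe", b"dropper")], ["mail.c2.example.invalid"])
    print(evaluate_ioc(SAMPLE_IOC, clean))
    print(evaluate_ioc(SAMPLE_IOC, suspect))
```

Values are compared case-insensitively because the MD5 and hostname contents in published IOC files mix cases; a real deployment would also need the other OpenIOC conditions (matches, starts-with) and the per-item AND semantics noted in the docstring.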

Additional highlights of the report include:

  • Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398).
  • A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
  • APT1’s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
  • The timeline and details of over 40 APT1 malware families.
  • The timeline and details of APT1’s extensive attack infrastructure.

The full report, the indicators and a video detailing APT1 intrusion tactics and attacker activity can be accessed at http://www.mandiant.com/apt1.

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,500 customers across 65 countries, including over 150 of the Fortune 500.

About Mandiant

Mandiant, a FireEye company, has driven threat actors out of the computer networks and endpoints of hundreds of clients across every major industry. We are the go-to organization for the Fortune 500 and government agencies that want to defend against and respond to critical security incidents of all kinds. When intrusions are successful, Mandiant’s security consulting services – backed up by threat intelligence and technology from FireEye – help organizations respond and resecure their networks.

Forward-Looking Statements

This press release contains forward-looking statements, including statements related to the features, objectives and benefits of the Industrial Control System Security Gap Assessment and Cyber Defense Center Development offerings. These forward-looking statements involve risks and uncertainties, as well as assumptions which, if they do not fully materialize or prove incorrect, could cause the results of FireEye or Mandiant to differ materially from those expressed or implied by such forward-looking statements. The risks and uncertainties that could cause such results to differ materially from those expressed or implied by such forward-looking statements include the ability of FireEye and Mandiant to retain and recruit highly experienced and qualified personnel; customer demand for and market acceptance of such offerings; changes in the technology or the industries to which such offerings are related; competitive pressures faced by FireEye and Mandiant; and general market, political, economic, and business conditions; as well as those risks and uncertainties included under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in FireEye’s quarterly report on Form 10-Q filed with the Securities and Exchange Commission on August 13, 2014, which is available on the Investor Relations section of the company’s website at investors.FireEye.com and on the SEC website at www.sec.gov. All forward-looking statements in this press release are based on information available to the company as of the date hereof, and FireEye does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made. Any future service, feature, objective or benefit that may be referenced in this release is for information purposes only and is not a commitment to deliver any service, feature, objective or benefit. FireEye reserves the right to modify future plans at any time.