As is often the case, the increased availability of PowerShell has paralleled the development of research on ways attackers can take advantage of it.

Many seemingly unrelated cyber attacks may, in fact, be part of a broader offensive fueled by a shared development and logistics infrastructure—a finding that suggests some targets are facing a more organized menace than they realize.

Dynamic-link library (DLL) side-loading is an increasingly popular cyber attack method that takes advantage of how Microsoft Windows applications handle DLL files.

Concerns over Russian espionage litter today’s headlines as regional threat actors influence high-profile international matters, including the 2016 U.S. presidential election and more.

APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen. The scale and impact of APT1’s operations compelled us to write this report. The activity we have directly observed likely represents only a small fraction of the cyber espionage that APT1 has conducted.  Though our visibility of APT1’s activities is incomplete, we have analyzed the group’s intrusions against nearly 150 victims over seven years. From our unique vantage point responding to victims, we tracked APT1 back to four large networks in Shanghai, two of which are allocated directly to the Pudong New Area.  This report details the substantial amount of APT1’s attack infrastructure, command and control, and modus operandi (tools, tactics, and procedures) that we’ve uncovered. You can also access APT1: Digital appendix and indicators - A list of more than 3,000 APT1 indicators, including domain names, IP addresses, X.509 encryption certificates and MD5 hashes of malware in APT1's arsenal of digital weapons.