A sophisticated series of hacking attacks is believed to be a concerted campaign by the People’s Liberation Army in China aimed at destabilising organisations and industries across the world.
Mandiant, a US-based computer security firm, has released a 60-page report detailing what it concludes are the activities of APT1 – which it believes is a cyber-warfare group sponsored by the Chinese government.
“Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” it says in the preamble to the report.
Highlights of the report, according to Mandiant, include:
* APT1 is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.
* APT1 has systematically stolen hundreds of terabytes of data from at least 141 organisations.
* APT1 focuses on compromising organisations across a broad range of industries in English-speaking countries.
* APT1 maintains an extensive infrastructure of computer systems around the world.
* In over 97% of the 1 905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language.
* The size of APT1’s infrastructure implies a large organisation with at least dozens, but potentially hundreds, of human operators.
* In an effort to underscore that there are actual individuals behind the keyboard, Mandiant is revealing three personas that are associated with APT1 activity.
* Mandiant is releasing more than 3 000 indicators to bolster defenses against APT1 operations.