Effective URL: https://cloud.google.com/blog/topics/threat-intelligence/mandiant-exposes-apt1-chinas-cyber-espionage-units?hl=en
Threat Intelligence
MANDIANT EXPOSES APT1 – ONE OF CHINA'S CYBER ESPIONAGE UNITS – AND RELEASES
3,000 INDICATORS

February 19, 2013
Written by: Dan McWhorter

--------------------------------------------------------------------------------

Today, The Mandiant® Intelligence Center™ released an unprecedented report
exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1
is one of dozens of threat groups Mandiant tracks around the world and we
consider it to be one of the most prolific in terms of the sheer quantity of
information it has stolen.

Highlights of the report include:

 * Evidence linking APT1 to China's 2nd Bureau of the People's Liberation Army
   (PLA) General Staff Department's (GSD) 3rd Department (Military Cover
   Designator 61398).
 * A timeline of APT1 economic espionage conducted since 2006 against 141
   victims across multiple industries.
 * APT1's modus operandi (tools, tactics, procedures) including a compilation of
   videos showing actual APT1 activity.
 * The timeline and details of over 40 APT1 malware families.
 * The timeline and details of APT1's extensive attack infrastructure.

Mandiant is also releasing a digital appendix with more than 3,000 indicators to
bolster defenses against APT1 operations. This appendix includes:

 * Digital delivery of over 3,000 APT1 indicators, such as domain names and MD5
   hashes of malware.
 * Thirteen (13) X.509 encryption certificates used by APT1.
 * A set of APT1 Indicators of Compromise (IOCs) and detailed descriptions of
   over 40 malware families in APT1's arsenal of digital weapons.
 * IOCs that can be used in conjunction with Redline™, Mandiant's free
   host-based investigative tool, or with Mandiant Intelligent Response® (MIR),
   Mandiant's commercial enterprise investigative tool.
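An indicator appendix of this shape (domains, MD5 hashes) is only useful once it is matched against your own telemetry. The following is an added example, not Mandiant's tooling and not drawn from the real appendix: it loads a constructed indicator set and runs it over constructed DNS resolver log lines and file contents. The log format, the domain names and the hash values are all made up for the example; the only real technique it shows is how to match domain indicators so that subdomains of an indicator hit while look-alike names that merely end in the same string do not.

```python
"""Match a small constructed APT1-style indicator set (domains, MD5 hashes)
against constructed DNS log lines and file contents.

Added example for this page; the indicators, log lines and file bytes are
constructed, not taken from Mandiant's appendix.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Constructed indicators. Domain indicators are assumed to cover the name
# itself and every subdomain beneath it; MD5 indicators match exact bytes only.
IOC_DOMAINS: Set[str] = {"update-check.example", "news.example.net"}
IOC_MD5: Set[str] = {
    "9e107d9d372bb6826bd81d3542a419d6",  # md5(b"The quick brown fox jumps over the lazy dog")
}


@dataclass(frozen=True)
class Hit:
    kind: str        # "domain" or "md5"
    indicator: str   # the indicator that matched
    evidence: str    # the log line or file name that triggered the match


def normalize_domain(name: str) -> str:
    """Lower-case and drop a trailing dot so 'NEWS.EXAMPLE.NET.' == 'news.example.net'."""
    return name.strip().rstrip(".").lower()


def domain_matches(query: str, iocs: Set[str]) -> Optional[str]:
    """Return the indicator that `query` equals or is a subdomain of, else None.

    Walks label by label from the full name toward the apex, so
    'mail.update-check.example' checks 'mail.update-check.example',
    'update-check.example' and 'example'. A plain suffix test would also
    accept 'notupdate-check.example', which is a different registration.
    """
    labels = normalize_domain(query).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Constructed dnsmasq-style query line: "... query[A] <name> from <client>"
DNS_QUERY = re.compile(r"query\[[A-Z]+\]\s+(\S+)\s+from\s+(\S+)")


def scan_dns_log(lines: Iterable[str], iocs: Set[str] = IOC_DOMAINS) -> List[Hit]:
    hits: List[Hit] = []
    for line in lines:
        m = DNS_QUERY.search(line)
        if not m:
            continue
        ioc = domain_matches(m.group(1), iocs)
        if ioc is not None:
            hits.append(Hit("domain", ioc, line.strip()))
    return hits


def scan_files(files: Dict[str, bytes], iocs: Set[str] = IOC_MD5) -> List[Hit]:
    """`files` maps a name to its bytes; here constructed, in practice read from disk."""
    hits: List[Hit] = []
    for name, data in files.items():
        digest = hashlib.md5(data).hexdigest()
        if digest in iocs:
            hits.append(Hit("md5", digest, name))
    return hits


# Constructed sample telemetry.
SAMPLE_DNS = [
    "Feb 19 10:01:02 gw dnsmasq[412]: query[A] www.google.com from 10.0.0.5",
    "Feb 19 10:01:07 gw dnsmasq[412]: query[A] mail.update-check.example from 10.0.0.7",
    "Feb 19 10:01:09 gw dnsmasq[412]: query[A] notupdate-check.example from 10.0.0.9",
    "Feb 19 10:01:11 gw dnsmasq[412]: query[A] NEWS.EXAMPLE.NET. from 10.0.0.11",
    "Feb 19 10:01:12 gw dnsmasq[412]: reply www.google.com is 142.250.74.36",
]
SAMPLE_FILES = {
    "dropper.exe": b"The quick brown fox jumps over the lazy dog",
    "readme.txt": b"hello",
}


def run_demo() -> List[Hit]:
    return scan_dns_log(SAMPLE_DNS) + scan_files(SAMPLE_FILES)


if __name__ == "__main__":
    for hit in run_demo():
        print(f"{hit.kind:6} {hit.indicator:40} {hit.evidence}")
```

Two hits come from the DNS log (the subdomain of `update-check.example` and the upper-cased, trailing-dot form of `news.example.net`) and one from the file set; `notupdate-check.example` is correctly ignored. Hash indicators are the most brittle part of an appendix like this: an MD5 matches one exact build, so a recompiled or repacked sample slips past while the domain and certificate indicators may still hold.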

The scale and impact of APT1's operations compelled us to write this report. The
decision to publish a significant part of our intelligence about Unit 61398 was
a painstaking one. What started as a "what if" discussion about our traditional
non-disclosure policy quickly turned into the realization that the positive
impact resulting from our decision to expose APT1 outweighed the risk of losing
much of our ability to collect intelligence on this particular APT group. It is
time to acknowledge the threat is originating from China, and we wanted to do
our part to arm and prepare security professionals to combat the threat
effectively. The issue of attribution has always been a missing link in the
public's understanding of the landscape of APT cyber espionage. Without
establishing a solid connection to China, there will always be room for
observers to dismiss APT actions as uncoordinated, solely criminal in nature, or
peripheral to larger national security and global economic concerns. We hope
that this report will lead to increased understanding and coordinated action in
countering APT network breaches.

We recognize that no one entity can understand the entire complex picture that
many years of intense cyber espionage by a single group creates. We look forward
to seeing the surge of data and conversations a report like this will likely
generate.

Dan McWhorter

Managing Director, Threat Intelligence
