The Advanced Persistent Threat Files: APT1
We've heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, targeted attacks on specific targets with the intention of compromising their systems and gaining information from or about that target. While the targets may be anyone or anything—a...
The Mysterious Return of Years-Old APT1 Malware
Security researchers have discovered a new instance of code associated with APT1, a notorious Chinese hacking group that disappeared in 2013...
Bejtlich on the APT1 Report: No Hack Back
Before reading the rest of this post, I suggest reading Mandiant/FireEye's statement Doing Our Part -- Without Hacking Back. I would like to add my own color to this situation. First, at no time when I worked for Mandiant or FireEye, or afterwards, was there ever a notion that we would hack into...
Bejtlich Moves On
Exactly six years ago today I announced that I was joining Mandiant to become the company's first CSO. Today is my last day at FireEye, the company that bought Mandiant at the very end of 2013. The highlights of my time at Mandiant involved two sets of responsibilities. First, as CSO, I enjoyed...
Malicious File Detection: APT1 Software on System
Binary data wmiapt1filescan.nbin...
China Putter Panda APT Attacks Linked to PLA Unit 61486
With indictments still fresh against a handful of Chinese nationals accused of hacking American companies and stealing intellectual property, another branch of the People’s Liberation Army and allegedly one of its officers have been outed for cyberespionage against U.S. and European aerospace and...
APT Groups Return - Chinese Hackers Resume Cyber Espionage Operations
A year back, one of the largest Advanced Persistent Threat (APT) hacking groups received widespread attention from the media and from the U.S. government. APT groups are China’s cyber espionage units, and they won’t stop their espionage operations despite being exposed last year. Yes, APT hacking...
Chinese Hackers Caught by US water control system Honeypots
A notorious Chinese hacker collective known as APT1 or Comment Crew, possibly linked to the Chinese Army, has been caught red-handed breaking into a fake United States water control system, i.e. a honeypot. Kyle Wilhoit, a researcher with security company Trend Micro, has just revealed th...
Chinese hacker group 'Comment Crew' is still active and operating under cover
Security experts are confident that the Chinese hacker group known as Comment Crew is still operating under cover. “The Comment Crew is back again”: this is the rumor within the intelligence community, and researchers suspect the involvement of the group in the recent cyber dispute between U.S...
Experts Tell Congress Serious Deterrence Needed to Impede Foreign Cyber Attacks
The House Foreign Affairs Subcommittee on Europe, Eurasia, and Emerging Threats typically is more concerned with economics and political issues than cyber attacks, but the members spent this morning in a hearing trying to come up with an answer to a fairly straightforward, but thorny question: Wh...
APT1-Themed Spear Phishing Campaign Linked to China
Researchers at Seculert have discovered a link between spear phishing campaigns targeting Japanese and Chinese journalists following Mandiant’s APT1 report and domains connected to the Aurora attacks on Google and the Shady RAT campaign. In particular, in the attacks against the Japanese, the malwar...
Spear Phishing Campaigns Use Fake Mandiant APT1 Report as Lure
People looking to download and read the Mandiant report on Chinese government attacks on U.S. infrastructure should look carefully at the name of the file before opening it. Researchers say that there are at least two different spear-phishing attacks going on right now that are using rigged copie...
Comment Crew Exposé a New Level of China Attack Attribution
China has been blamed for cyberattacks on every major industrial base in the United States—and even in some corners for the Super Bowl blackout. But most of it has been rampant speculation coupled with the lacing together of a number of loose ends. Examples of the kind of direct attribution to th...
Mandiant revealed Chinese APT1 Cyber Espionage campaign
A few weeks after the discovery of the sophisticated cyber espionage campaign against principal US media, the Mandiant® Intelligence Center™ released a shocking report that reveals an enterprise-scale computer espionage campaign dubbed APT1. The term APT1 refers to one of the numerous cyber...
Malicious Process Detection: APT1 Software Running
Binary data wmiapt1running.nbin...
APT1-Related SSL Certificate Detected
An SSL certificate associated with the group known as APT1 was detected on the remote host. APT1's command and control infrastructure uses several self-signed certificates to encrypt its communications. The remote host appears to be using one of these...
ssl-known-key NSE Script
Checks whether the SSL certificate used by a host has a fingerprint that matches an included database of problematic keys. The only databases currently checked are the LittleBlackBox 0.1 database of compromised keys from various devices, some keys reportedly used by the Chinese state-sponsored...
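Both the Nessus "APT1-Related SSL Certificate Detected" check and Nmap's ssl-known-key script work the same way: hash the certificate a host presents and look the fingerprint up in a list of known-bad entries. The following is an added example of that matching logic, written for this page; it is not the Nessus plugin, the NSE script, or either tool's database. The certificate bytes and the fingerprint entry are constructed placeholders, not real APT1 fingerprints, and the fetch helper uses only the standard library.

```python
"""Certificate-fingerprint matching against a known-bad key list.

Added example for this page, not code from Nessus or Nmap. The sample
certificate bytes and the database entry below are constructed placeholders.
"""
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def pem_to_der(pem: bytes) -> list:
    """Return the DER bytes of every certificate in a PEM bundle (leaf first)."""
    return [base64.b64decode(b"".join(m.split())) for m in PEM_RE.findall(pem)]


def make_pem(der: bytes) -> bytes:
    """Wrap DER bytes in a PEM envelope (used here to build constructed samples)."""
    return (b"-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


def normalize_fp(fp: str) -> str:
    """Lower-case hex with separators removed, so 'AB:CD' and 'abcd' compare equal."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())


def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Certificate fingerprint: hash over the DER encoding, as `openssl x509 -fingerprint` prints."""
    return hashlib.new(algo, der).hexdigest()


def match_known_keys(pem: bytes, known: dict) -> list:
    """Return labels of known-bad entries whose fingerprint matches any cert in `pem`.

    `known` maps a fingerprint (sha1 or sha256, any hex formatting) to a label.
    Both algorithms are tried so old sha1-keyed lists and newer sha256 lists work.
    """
    table = {normalize_fp(k): v for k, v in known.items()}
    hits = []
    for der in pem_to_der(pem):
        for algo in ("sha1", "sha256"):
            label = table.get(fingerprint(der, algo))
            if label and label not in hits:
                hits.append(label)
    return hits


def check_host(host: str, port: int, known: dict) -> list:
    """Fetch the leaf certificate a remote host presents and match it (needs network)."""
    pem = ssl.get_server_certificate((host, port)).encode()
    return match_known_keys(pem, known)


# Constructed sample: these bytes stand in for a DER certificate; not a real cert.
SAMPLE_DER = b"constructed-sample-certificate-bytes-not-a-real-cert"
SAMPLE_PEM = make_pem(SAMPLE_DER)

# Constructed database: the entry is the sample's own sha1 fingerprint, written in
# the colon-separated upper-case form openssl prints, to exercise normalization.
KNOWN_BAD = {
    ":".join(fingerprint(SAMPLE_DER).upper()[i:i + 2] for i in range(0, 40, 2)):
        "constructed placeholder entry",
}

if __name__ == "__main__":
    print(match_known_keys(SAMPLE_PEM, KNOWN_BAD))
```

One caveat a practitioner should keep in mind: hashing the whole DER certificate means a re-issued certificate carrying the same key pair gets a new fingerprint and evades this check. Lists of compromised keys (as opposed to compromised certificates) are better matched on a hash of the SubjectPublicKeyInfo, which needs an ASN.1 parser and is not shown here.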