Mandiant report: APT1: Exposing One of China's Cyber Espionage Units
Some interesting stuff here...
http://intelreport.mandiant.com
This report is focused on the most prolific cyber espionage group Mandiant tracks: APT1. This single organization has conducted a cyber espionage campaign against a broad range of victims since at least 2006.
http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
Check out the digital appendix as well:
(more than 3,000 APT1 indicators including domain names, IP addresses, X.509 encryption certificates and MD5 hashes of malware in APT1's arsenal of digital weapons.)
http://intelreport.mandiant.com/Mandiant_APT1_Report_Appendix.zip
Comments
Thanks for sharing. Definitely want to find time to read that, looks like some good insight.
Seems to go far, had Level3 null one alleged Botnet C&C global today (and all that while we are in Austria and the IP was in HK - and we use Level3 in no location directly) - Tier1s have too much power by far...
@William - yep same here, they threatened to null-route one of our IPs, though Level3 gave no detail as to the alleged activity - just a link to the Mandiant report; I checked all the documents in the Mandiant report and no reference to the IP, so I think Level3 must be resolving the hostnames in the FQDN PDF from the Mandiant report? Not sure.
When I checked the IP, it was not assigned to any customer and not in use (no ARP or MAC).
Guess who's APT0? The United States of America.
http://www.networkworld.com/news/2013/022013-chinese-army-link-to-hack-266855.html?page=3