.

APT1: Exposing One of China's Cyber Espionage Units

<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue Feb 19, 2013 9:39 am

APT1: Exposing One of China's Cyber Espionage Units

An interesting report from Mandiant on APT1: http://intelreport.mandiant.com/

This report is focused on the most prolific cyber espionage group Mandiant tracks: APT1. This single organization has conducted a cyber espionage campaign against a broad range of victims since at least 2006.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Feb 19, 2013 10:07 am

Re: APT1: Exposing One of China's Cyber Espionage Units

It's fascinating. The level of detail is unbelievable.
<<

hurtl0cker

User avatar

Jr. Member
Jr. Member

Posts: 73

Joined: Thu Nov 18, 2010 10:09 am

Location: WWW

Post Wed Feb 20, 2013 12:12 am

Re: APT1: Exposing One of China's Cyber Espionage Units

An interesting counter to this report:
http://www.businessinsider.com/mandiant ... ned-2013-2

My point being, why is that China is pushed into the lime light when ever it comes to any incident involving cyber espionage? I mean they are not the only actors involved, there are other actors like Israel, Russia and USA itself doing the same stuff(allegedly).
“Knowing is not enough; we must apply. Willing is not enough: we must do.”
- Bruce Lee
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Feb 20, 2013 9:33 am

Re: APT1: Exposing One of China's Cyber Espionage Units

That article you posted is interesting, they certainly have points. However, this report is based on a lot of data. The keyboard layouts that came across the RDP sessions didn't indicate Russian, they indicated Chinese. Just like in a court case, sometimes even if you don't have an actual video showing a person doing something, they can be convicted. IN this case, there is in fact a video to back it up, however we don't see the actual actor, which one could argue the video was fabricated. I for one, believe the data.

There is no doubt the US is doing similar activities, however, I don't believe they're stealing trade secrets unless its military secrets from other nations. I don't buy into the US using it for anything other than military purposes.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 20, 2013 3:27 pm

Re: APT1: Exposing One of China's Cyber Espionage Units

Like anything, it's about the money. China is about to overtake the US as the largest economy in the world. The have been doing it by stealing, manipulating currency, horrible labor practices as well as cyber warfare... you name it, China is doing it. This is why it always goes back to China.

<rant>I just wish we had the balls in the US to not only fight back but also call a spade a spade. China would not be in the position they're in without the US. So what are we so afraid of and why can't our leaders not only take action but also speak it outloud? Instead we get a bunch of wimps talking about trying to emulate China's economic model. Why? Because they say it's been successful. So are we willing to go down that path just to beat China at it's own game? That's so far beneath us and what we stand for as a freedom loving republic. We were number one by a long shot without having to emulate a Socialist country. If we just stand up and fight back, we can be again.</rant>

I'm just going to stop there before I get too heated.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Feb 20, 2013 4:46 pm

Re: APT1: Exposing One of China's Cyber Espionage Units

don wrote:<rant>I just wish we had the balls in the US to not only fight back but also call a spade a spade.
...
If we just stand up and fight back, we can be again.</rant>


^ what he said ^
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Feb 20, 2013 5:08 pm

Re: APT1: Exposing One of China's Cyber Espionage Units

My only fear about all this is that we suck at defense. I'm not sure we (USA)  could withstand a serious attack...
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Feb 20, 2013 5:13 pm

Re: APT1: Exposing One of China's Cyber Espionage Units

My only fear about all this is that we suck at defense. I'm not sure we (USA)  could withstand a serious attack...


Fortunately, I don't think we're the only ones!  ;D ;D ;D
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed Feb 20, 2013 9:56 pm

Re: APT1: Exposing One of China's Cyber Espionage Units

cd1zz wrote:My only fear about all this is that we suck at defense. I'm not sure we (USA)  could withstand a serious attack...


I think the large difference (besides the population ;) ) is that China is filling the seats and training the people.  We are hung up on buying the next magic box rather than concentrating on building the skill pool up.  Where are the incentives to push future college students toward building their skills in the field?  I am not talking strictly the offensive, but we need skilled architects, sys admins, and developers who know how to properly build and manage their environments.

We are so focused looking out over the wall trying to find the next attack.  How do you prepare for an attack that could come from anywhere?  The energy is best spent ensuring that if an attack occurs the damage is kept to a minimum.  Stop buying more hardware and software and start using all the features of the stuff you already own!  Most of the major AV products have a number of features that are rarely used fully (app whitelisting, configured client firewalls, IPS etc..).  Segment the networks, not just to organize, but to limit unnecessary traffic from hopping across the network.  Not everyone needs to RDP into a file server, that can be limited through at least 3 different ways depending on the setups.  Ok I am starting to rant now...

As for the report, I will not deny that the information in the report is valuable to the defenders.  But obviously, at this point in time, the group has now changed it's tactics.  I suppose it will help find systems that have yet to be discovered.
Certs: GCWN
(@)Dewser
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Thu Feb 21, 2013 8:45 am

Re: APT1: Exposing One of China's Cyber Espionage Units

don wrote:Like anything, it's about the money. China is about to overtake the US as the largest economy in the world. The have been doing it by stealing, manipulating currency, horrible labor practices as well as cyber warfare... you name it, China is doing it. This is why it always goes back to China.

<rant>I just wish we had the balls in the US to not only fight back but also call a spade a spade. China would not be in the position they're in without the US. So what are we so afraid of and why can't our leaders not only take action but also speak it outloud? Instead we get a bunch of wimps talking about trying to emulate China's economic model. Why? Because they say it's been successful. So are we willing to go down that path just to beat China at it's own game? That's so far beneath us and what we stand for as a freedom loving republic. We were number one by a long shot without having to emulate a Socialist country. If we just stand up and fight back, we can be again.</rant>

I'm just going to stop there before I get too heated.

Don



I understand your frustration, but the problem is that without the $$$ from China, US will go broke in a month.

There is a very interesting series of books - Aftershock (Aftershock: Protect Yourself and Profit in the Next Global Financial Meltdown , and The Aftershock Investor: A Crash Course in Staying Afloat in a Sinking Economy ). Read them and you'll understand why they are so gentle with the chinese. The leaders love power and they don't want to loose it (a big crash will make many people loose their seats).

Another interesting read is "Bright-Sided: How Positive Thinking Is Undermining America ". Read it and you'll understand why we are here, in this bad economy, whith these not so good managers and leaders.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Fri Feb 22, 2013 4:01 pm

Re: APT1: Exposing One of China's Cyber Espionage Units

Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure

By Intel Team on February 21, 2013

It was only a matter of time. Today, Mandiant learned of at least two malicious versions of our APT1 report that attempt to lure users into opening PDF documents titled “Mandiant” and “Mandiant_APT2_Report.” We are currently tracking the threat actors behind the activity and have no indication that APT1 itself is associated with either variant.

Symantec  and Brandon Dixon’s 9B+ blog uncovered the two permutations of the report. Hashes for the malicious PDFs are available on their blogs. Thanks to both for posting their findings.

Mandiant has not been compromised. Reports downloaded, previously and currently from our website, do not contain exploits.

We recommend that you only retrieve Mandiant’s reports from: http://intelreport.mandiant.com, then check the hash of the downloaded files against the hashes posted on our web site.
Tags: Advanced Persistent Threat, APT1, Brandon Dixon, Symantec
Category: The Suite Spot


Source: https://www.mandiant.com/blog/threat-ac ... hing-lure/
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Sat Feb 23, 2013 10:01 pm

Re: APT1: Exposing One of China's Cyber Espionage Units

One of the issues that we have here is that people are not scared of the Gov/Military and want to discredit them as soon as they get a chance. Whereas in China the Gov/ Military are held in high esteem so they have the complete public backing and you have students that want have passion about their countries progression.

They recruit their kids out of HS to begin hacking targets against the US.  Whereas here in the US the kids in HS are hacking their schools printers or networks or going after larger targets.  Kids these days think that Anon and lulzsec are fighting for them when in fact they fight for their own ideology where they see fit.  We need to start when kids are younger and get them in the correct thought process or at least that hacking the gov isn't helping anything.  Uncovering state secrets is hurting us economically....this is the hard part though.  Getting young people to think like an adult and rethink their actions. 

If the US was attacked by a Cyber Attack I think that it would be like WW2 where the Japanese Admiral stated : "I fear all we have done is to awaken a sleeping giant. Yamamoto.. The admiral was later discovered to be flying from one island to another and we shot all of his escort planes and also his plane down.  In this same aspect I think if China launched an attack that disabled us for a while they would have more that they can handle. 
Security+, Network+, C|EH, CHFI, CPT
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Feb 24, 2013 7:47 am

Re: APT1: Exposing One of China's Cyber Espionage Units

I think (and this is just my personal opinion) is that China's goal, at this time, is to grab data.  Get IP from our defense contractors that can be used in two ways.  To boost their own economic strength by reproducing our products and/or sell the data to an allied country. In the future that could change.  Countries like Iran and North Korea would certainly be higher on the list of suspects if an attack on the infrastructure occurred.  There is also nothing to say that China would not provide such services if the price is right but that may be more along the lines of what the RBN provides.  Granted in this example, the source appears to be Chinese in origin, it doesn't necessarily mean the job originated there.
Certs: GCWN
(@)Dewser

Return to Cyber Warfare

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software