Mandiant report: APT1: Exposing One of China's Cyber Espionage Units

twaintwain Member
edited February 2013 in General

Some interesting stuff here...

http://intelreport.mandiant.com

This report is focused on the most prolific cyber espionage group Mandiant tracks: APT1. This single organization has conducted a cyber espionage campaign against a broad range of victims since at least 2006.

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

Check out the digital appendix as well:

(more than 3,000 APT1 indicators including domain names, IP addresses, X.509 encryption certificates and MD5 hashes of malware in APT1's arsenal of digital weapons.)

http://intelreport.mandiant.com/Mandiant_APT1_Report_Appendix.zip

Comments

  • jarjar Patron Provider, Top Host, Veteran

    Thanks for sharing. Definitely want to find time to read that, looks like some good insight.

  • William Member
    edited February 2013

    Seems to go far, had Level3 null one alleged Botnet C&C global today (and all that while we are in Austria and the IP was in HK - and we use Level3 in no location directly) - Tier1s have too much power by far...

  • @William - yep same here, they threatened to null-route one of our IPs, though Level3 gave no detail as to the alleged activity - just a link to the Mandiant report; I checked all the documents in the Mandiant report and no reference to the IP, so I think Level3 must be resolving the hostnames in the FQDN PDF from the Mandiant report? ... not sure

    When I checked the IP, it was not assigned to any customer and not in use (no ARP or MAC).
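One way a provider could test the theory in the comment above, as an added example that is not from the thread or from Mandiant: check your own prefixes against an indicator list both directly and through name resolution. The prefixes, addresses, hostnames and the `SAMPLE_DNS` table are constructed, and no particular layout of the appendix files is assumed.

```python
import ipaddress
import socket

def resolve(fqdn):
    """Live lookup: IPv4 addresses the name points to right now (empty on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(fqdn, None, socket.AF_INET)}
    except (socket.gaierror, UnicodeError):
        return set()

def match_indicators(prefixes, indicator_ips, indicator_fqdns, resolver=resolve):
    """Return (ip, reason) for every indicator that lands inside our prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]

    def ours(ip):
        try:
            addr = ipaddress.ip_address(ip.strip())
        except ValueError:
            return False  # skip blank or malformed lines
        return any(addr in net for net in nets)

    hits = [(ip.strip(), "listed directly") for ip in indicator_ips if ours(ip)]
    for fqdn in indicator_fqdns:
        for ip in sorted(resolver(fqdn.strip())):
            if ours(ip):
                hits.append((ip, "resolved from " + fqdn.strip()))
    return hits

# Constructed sample data (documentation ranges and example domains only).
OUR_PREFIXES = ["192.0.2.0/24"]
LISTED_IPS = ["198.51.100.7", "203.0.113.9", ""]
LISTED_FQDNS = ["update.example.net", "news.example.org", "gone.example.com"]
SAMPLE_DNS = {
    "update.example.net": {"192.0.2.45"},   # points into our space
    "news.example.org": {"203.0.113.20"},   # someone else's space
}

def demo():
    # Offline stand-in for DNS; omit the resolver argument to do real lookups.
    return match_indicators(OUR_PREFIXES, LISTED_IPS, LISTED_FQDNS,
                            resolver=lambda name: SAMPLE_DNS.get(name, set()))

if __name__ == "__main__":
    for ip, reason in demo():
        print(ip, reason)
```

A "resolved from" hit only shows that a DNS record currently points at the address; whoever controls that zone sets the record, so an unassigned, unused IP can still match.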
