APT1

Also known as: Comment Crew, Comment Group

First known appearance: 2006

Threat Actors: Communist Party of China, Chinese People’s Liberation Army Unit 6138

Targets: Corporations across a broad range of industries in English-speaking countries

Objective: To steal broad categories of intellectual property (IP), including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, emails and contact lists.

Overview: APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations spanning 20 major industries. APT1 specifically targets industries that China identifies as strategic in its five-year plan. Once APT1 has established access to a network, it periodically revisits that network over months or years.

Associated malware: Trojan Ecltys, Backdoor, Barkiofork, Backdoor. Wakeminap, Trojan.Downbot, Backdoor.Dalbot. Backdoor.Revird, Trojan.Badname, Backdoor.Wualess.

Typical attack vectors: APT1 uses spear-phishing attacks or backdoors to gain a foothold and then uses publically available tools to escalate privileges. Employing built-in operating system commands, APT1 then explores the compromised system and its network environment. Files of interest are packed into archives and sent back to China via file transfer protocol (FTP).

 

World political