Tuesday 19 February 2013

In a drab Shanghai office block, Unit 61398, China’s cyber rats

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf 

Newfound wealth has given the Communist Party of China a lot of confidence. They officially lie and deny all these "allegations".

The Chinese Communist Party cuts its own citizens off from the free flow of information over the internet, but uses it to hack other people's networks.

Mandiant claims Unit 61398:
  • Employs hundreds, perhaps thousands of personnel
  • Requires personnel trained in computer security and computer network operations
  • Requires personnel proficient in the English language
  • Has large-scale infrastructure and facilities in the Pudong New Area of Shanghai
  • Was the beneficiary of special fibre optic communication infrastructure provided by state-owned enterprise China Telecom in the name of national defence.


This 12-story building on the outskirts of Shanghai is the headquarters of Unit 61398 of the People’s Liberation Army. China’s defense ministry has denied that it is responsible for initiating digital attacks.

An explosive security report has pinned the majority of China-based attacks against the US to an army of hackers working for the People's Liberation Army out of a nondescript building on the outskirts of Shanghai. The report, by security firm Mandiant, claims PLA Unit 61398 operates out of the complex and is responsible for a deluge of hacking traffic originating in and around it. Members of an infamous group known in most instances as Comment Crew or Shanghai Group were allegedly tracked to the PLA unit and the building.
It tied public accounts of data breaches against US security firms, critical infrastructure, and industrial control system and SCADA operators to a persistent and government-backed hacking outfit operating out of the white Shanghai apartment block. "We believe that organisations in all industries related to China’s strategic priorities are potential targets of APT1’s (the group) comprehensive cyber espionage campaign," the report stated. "While we have certainly seen the group target some industries more heavily than others, our observations confirm that APT1 has targeted at least four of the seven strategic emerging industries that China identified in its 12th Five Year Plan."
Mandiant researchers correlated IP addresses, toolsets and social engineering data to pin the attacks to the hacking group. Beijing denied the accusations to the New York Times, and reiterated its affirmation that it is not involved in hacking, which it considers illegal.
Chinese hackers have left a trail of victims including SCADA software outfits Telvent and Digital Bond, and security firm AlienVault, which had links to sensitive information on the US' defensive preparedness against hacking, according to the report. Hackers were also involved in the Shady RAT hacking campaign, which was billed as a massive global espionage attack that hit some 75 organisations, the report said. APT1 is one of scores of such collectives researchers say operate out of China at the behest of Beijing. It started operating and first came to public light in 2006, when Symantec's Japan office described a host operated by a hacker known as Ugly Gorilla, who was tracked in the research.
"APT1 has a well-defined attack methodology, honed over years and designed to steal massive quantities of intellectual property. They begin with aggressive spear phishing, proceed to deploy custom digital weapons, and end by exporting compressed bundles of files to China – before beginning the cycle again," the report stated. "They employ good English — with acceptable slang — in their socially engineered emails. They have evolved their digital weapons for more than seven years, resulting in continual upgrades as part of their own software release cycle. Their ability to adapt to their environment and spread across systems makes them effective in enterprise environments with trust relationships."
APT1 typically established a foothold in organisations via a well-written spear phishing attempt containing malicious PDF files within a compressed zip. It also used custom backdoors, thought to be previously unknown, of which 42 families were detailed by Mandiant. "We usually detect multiple families of APT1 backdoors scattered around a victim network when APT1 has been present for more than a few weeks," the report said. The group's average infiltration lasted 356 days, with the longest stretching to four years and 10 months. The largest amount of data stolen from a single organisation was 6.5 terabytes, extracted over 10 months.
The group also used distinctive tools, including GETMAIL, which helped it steal email. Once the attackers compromised a network they were difficult to detect, the report said, because they connected to shared resources and could execute commands on other systems using Microsoft's PsExec tool or Windows Task Scheduler. "These actions are hard to detect because legitimate system administrators also use these techniques to perform actions around the network."
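The initial foothold described above is a PDF delivered inside a ZIP. The following is an added example (not code from the Mandiant report or the article) of how a mail gateway or analyst could triage such an attachment before it reaches a user: it opens the archive, reads only a bounded prefix of each member, and flags executables, double extensions, extension/content mismatches, nested archives, and PDF active-content markers. The marker list is a common PDF triage heuristic, not an APT1 indicator, and the sample archive is constructed inline.

```python
"""Triage of a zipped e-mail attachment for the spear-phishing pattern described
above (a PDF inside a ZIP). Added example, not code from the Mandiant report or the
article; the heuristics are common PDF/archive triage rules, not APT1 indicators,
and the sample archive is constructed here."""
import io
import zipfile

# PDF name objects commonly used for active content; their presence is a reason for a
# closer look (sandbox or manual analysis), not proof of malice.
PDF_ACTIVE_MARKERS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA")
HEADER_BYTES = 4096  # only the start of each member is inspected


def build_sample_zip():
    """Constructed sample archive: one plain PDF, one PDF with an OpenAction that runs
    JavaScript, and a PE file hiding behind a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("quarterly_report.pdf",
                   b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF")
        z.writestr("invoice.pdf",
                   b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                   b"2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n%%EOF")
        z.writestr("readme.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
    return buf.getvalue()


def inspect_member(name, head):
    """Return the list of reasons a single archive member deserves attention."""
    reasons = []
    lower = name.lower()
    if head.startswith(b"MZ"):
        reasons.append("Windows executable (MZ header)")
    if lower.count(".") > 1:
        reasons.append("double extension")
    if lower.endswith(".pdf") and not head.startswith(b"%PDF"):
        reasons.append("named .pdf but content is not a PDF")
    if head.startswith(b"%PDF"):
        hits = [m.decode() for m in PDF_ACTIVE_MARKERS if m in head]
        if hits:
            reasons.append("PDF active-content markers: " + ", ".join(hits))
    if head.startswith(b"PK\x03\x04"):
        reasons.append("nested archive")
    return reasons


def triage_zip_attachment(data):
    """Open an archive from bytes and return findings per member; an empty list means
    nothing in the archive tripped a rule (which is not the same as 'safe')."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            with z.open(info) as fh:
                head = fh.read(HEADER_BYTES)  # bounded read guards against zip bombs
            reasons = inspect_member(info.filename, head)
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_zip_attachment(build_sample_zip()):
        print(f["member"], "->", "; ".join(f["reasons"]))
```

On the constructed sample the plain report PDF produces no findings, the invoice PDF is flagged for its OpenAction/JavaScript markers, and the `.pdf.exe` member is flagged twice. A flagged member should go to a sandbox or an analyst; the rules deliberately err toward review rather than automatic verdicts, since a well-written lure with a clean-looking PDF is exactly what the report describes.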
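Because PsExec and scheduled tasks are also how administrators work, a rule that fires on the tool alone is useless; what can be detected is use of those tools outside the organisation's own baseline. The following is an added example (not code from the Mandiant report or the article) that reads constructed Windows event records, picks out PsExec-style service installs (System event 7045 with the PSEXESVC service name) and scheduled-task creation (Security event 4698), and reports each one that deviates from an assumed baseline of approved admin accounts, jump hosts and maintenance window. The log format, baseline, hostnames and account names are all constructed.

```python
"""Detecting PsExec-style service installs and remote scheduled-task creation by
deviation from an admin baseline. Added example, not code from the Mandiant report
or the article; the log format, baseline, hostnames and accounts are constructed."""
import json
from datetime import datetime, time

# Windows event IDs used here: 7045 (System log, "a service was installed") and
# 4698 (Security log, "a scheduled task was created"). PSEXESVC is the default
# service name PsExec installs on the remote host.
PSEXEC_SERVICE_NAMES = {"PSEXESVC"}

# Constructed baseline: approved remote-admin accounts, the jump hosts they work
# from, and the maintenance window. In practice this comes from your own change and
# asset records (assumption: such records exist and are kept current).
BASELINE = {
    "admin_accounts": {r"CORP\svc-patch", r"CORP\jdoe-adm"},
    "admin_hosts": {"JUMP01", "JUMP02"},
    "maintenance_window": (time(22, 0), time(4, 0)),  # 22:00 to 04:00, wraps midnight
}

# Constructed sample events: one JSON object per line, as a simplified SIEM export.
SAMPLE_LOG = r"""
{"ts":"2013-02-18T22:15:00","host":"FS01","event_id":7045,"service":"PSEXESVC","account":"CORP\\svc-patch","source":"JUMP01"}
{"ts":"2013-02-18T14:03:11","host":"FS01","event_id":7045,"service":"PSEXESVC","account":"CORP\\rsmith","source":"WS-044"}
{"ts":"2013-02-18T14:05:40","host":"DC02","event_id":4698,"task":"\\Microsoft\\Windows\\At1","account":"CORP\\rsmith","source":"WS-044"}
{"ts":"2013-02-18T23:30:05","host":"DC02","event_id":4698,"task":"\\CorpIT\\PatchRun","account":"CORP\\jdoe-adm","source":"JUMP02"}
{"ts":"2013-02-18T09:12:00","host":"WEB03","event_id":7045,"service":"Spooler","account":"NT AUTHORITY\\SYSTEM","source":"WEB03"}
"""


def in_window(ts, window):
    """True if the timestamp falls inside a (start, end) daily window, which may wrap
    past midnight."""
    start, end = window
    t = ts.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def assess(event, baseline):
    """Return the reasons a remote-admin event deviates from the baseline; an empty
    list means the event is either not remote-admin activity or looks routine."""
    eid = event["event_id"]
    remote_admin = (eid == 7045 and event.get("service") in PSEXEC_SERVICE_NAMES) or eid == 4698
    if not remote_admin:
        return []
    reasons = []
    if event["account"] not in baseline["admin_accounts"]:
        reasons.append(f"account {event['account']} is not an approved admin account")
    if event["source"] not in baseline["admin_hosts"]:
        reasons.append(f"source host {event['source']} is not an admin jump host")
    ts = datetime.fromisoformat(event["ts"])
    if not in_window(ts, baseline["maintenance_window"]):
        reasons.append(f"outside maintenance window at {ts.time()}")
    return reasons


def find_suspicious(text, baseline=BASELINE):
    """Run every event through assess() and collect the ones with at least one reason."""
    alerts = []
    for ev in parse_events(text):
        reasons = assess(ev, baseline)
        if reasons:
            alerts.append({"host": ev["host"], "event_id": ev["event_id"],
                           "account": ev["account"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in find_suspicious(SAMPLE_LOG):
        print(a["host"], a["event_id"], a["account"], "->", "; ".join(a["reasons"]))
```

On the sample, the two events from the patching account and the admin jump hosts during the maintenance window pass, the Spooler service install is ignored because it is not PsExec, and the two afternoon events from an ordinary user account on a workstation are reported with three reasons each. The design point is that the indicator is the deviation (who, from where, when), not the tool, which is what makes this technique detectable even though administrators use it every day.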
