Threat Research Blog

A Look Back at APT1, Threat Actors, and Security

It's hard to believe that we've reached the end of another year. In the realm of cybersecurity, 2013 was a memorable year not for breaches, but for tectonic-level shifts that completely changed how we perceive cybersecurity and its impact on how we run our businesses, how our leaders govern, and more importantly, how we understand national security.

In other words, for those in the C-Suite, technical issues became tangible business problems. This was highlighted by our APT1 report and the growing awareness that cybersecurity threats aren't just irritating; they severely impact an organization's bottom line.

In case you missed some of our most read posts, here is a list that will give you insight into what content was top of mind with our Suite Spot M-Unition readers:

Mandiant Exposes APT1 - One of China's Cyber Espionage Units & Releases 3,000 Indicators

The Mandiant® Intelligence Center™ released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world, and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen.

Chinese Leadership Change and the Advanced Persistent Threat

We at Mandiant have considered the strategic impact of the Chinese change in leadership on Advanced Persistent Threat (APT) groups and on the current cyber espionage campaign that has been traced back to the PRC. We have determined that the new leaders will only enhance the influence that the People's Liberation Army (PLA), State Owned Enterprises (SOE), and national-level central planning initiatives have already had in contributing to an environment that produces and nurtures APT.

APT1 Three Months Later - Significantly Impacted, Though Active & Rebuilding

Three months later, Mandiant has observed a decrease in APT1's operations. However, we can confirm that APT1 continues cyber espionage operations against targeted computer networks. While Mandiant's APT1 report seems to have affected APT1 operations, APT1 is still active using a well-coordinated and well-defined attack methodology against a wide set of industries - with a discernible post-report shift towards new tools and infrastructure.

Richard Bejtlich on His Latest Book, "The Practice of Network Security Monitoring"

Everyone wants to know how to find intruders on their networks. In this post, Richard Bejtlich writes about his first experiences learning to find intruders when he served in the Air Force Computer Emergency Response Team (AFCERT). These experiences spurred the decision to start writing books and to share his knowledge with the information security community. He also previews his latest book, "The Practice of Network Security Monitoring."