APT1 is back, attacks many of the initial U.S. corporate targets
Posted on 21 May 2013.
The APT1 hacker group is back to its old tricks, targeting a large number of organizations and businesses, among them many of those it had previously breached, Mandiant has confirmed.


In the report that the cybersecurity firm published in February, which tied the group to Unit 61398 of the People's Liberation Army, it expressed the belief that the group would simply change its attack techniques and continue to do what it did best: compromising business systems of (mostly) U.S. companies and stealing intellectual property.

As it turns out, they were right. After a few months of extremely little activity, the group has launched new attacks.

"APT1 is still active using a well-coordinated and well-defined attack methodology against a wide set of industries - with a discernible post-report shift towards new tools and infrastructure," the company says.

According to a report requested from Mandiant by the NYT, the group has slowly rebuilt its attack infrastructure by targeting mostly small ISPs and online shops, and is now operating at 60-70 percent of the level they were working at before.

The company says that the group has minimally changed the malware it used in the first attacks and has again managed to compromise some previously attacked targets. Mandiant is prevented by contract from sharing which ones, but we know that Coca-Cola, RSA, and Lockheed Martin (but not the New York Times) were among the ones targeted in the first place.

But the thing that I would like to know the most - and it isn't addressed at all - is how did they actually manage to do it again, considering that the targets must have upped their defenses after those initial compromises.









Copyright 1998-2014 by Help Net Security.