APT1 is a Chinese cyber espionage threat group. It is believed to be the 2nd Bureau of the People's Liberation Army General Staff Department's 3rd Department, commonly known by its Military Unit Cover Designator 61398. It is considered one of the most prolific cyber espionage groups because of the sheer quantity of information it has stolen. The group is also tracked as Comment Crew, Comment Panda, Brown Fox, Byzantine Candor, Group 3, and GIF89a.
Worth noting - The group has been active since 2006 and, by 2013, had stolen hundreds of terabytes of data from nearly 150 victim organizations across 20 major industries.
The malware and tools associated with APT1 include the Poison Ivy remote access trojan, the Mimikatz credential-dumping tool, SeaSalt, the Ecltys trojan, the Downbot trojan, the Barkiofork backdoor, and the AURIGA and BANGAT malware families.
The big picture
Once APT1 has gained access to a victim's network, the group revisits it periodically over months or years and steals broad categories of information: intellectual property such as technology blueprints, proprietary manufacturing processes and test results; business plans, pricing documents and partnership agreements; and the emails and contact lists of the victim organization's leadership.
Tools used exclusively by APT1 include GETMAIL and MAPIGET. Both are designed to steal email: GETMAIL extracts messages from Outlook PST archive files, while MAPIGET pulls mail directly from an Exchange server over MAPI.
By numbers
Threat actors linked to the APT1 threat group
Researchers noted that an operator using the handle 'UglyGorilla' has been active in computer network operations since October 2004, and that his activity was attributed to the APT1 threat group.
OceanSalt campaign linked to the APT1 threat group
Beginning in May 2018, a cyber espionage campaign dubbed 'Operation Oceansalt' targeted organizations across South Korea, the US, and Canada in five attack waves. Researchers linked the Oceansalt campaign to APT1 on the basis of code reuse from the group's older SeaSalt implant, while noting that code overlap alone does not prove the same operators were behind it.