
APT Groups Return - Chinese Hackers Resume Cyber Espionage Operations




A year back, one of the largest “Advanced Persistent Threat” (APT) hacking groups received widespread attention from the media and from the U.S. government. APT groups are China’s cyber espionage units, and they won’t stop their espionage operations despite being exposed last year.

Yes, the APT hacking groups APT1 and APT12 are again making headlines. Undeterred by the fact that the world knows about its cyber hacking activities, two of China’s major hacking groups have become active once again and have resumed their espionage operations, reports the security firm Mandiant.

A timeline of APT1 economic espionage: the group has been active since 2006 and has systematically stolen confidential data from at least 141 organizations across multiple industries.

Mandiant, the FireEye-owned company, announced in its M-Trends report that over the past year the firm has kept a close eye on the APT1 group, which it first exposed in February 2013.

It has also been monitoring the second Chinese hacking group, APT12, which apparently hacked the New York Times in January 2013, having compromised its networks over the course of the preceding four months.

Last year Mandiant provided evidence linking the APT1 group to Unit 61398 of the 2nd Bureau of China’s People’s Liberation Army (PLA), but Beijing has always denied the accusations, describing the report as “full of loopholes” and stating, “Chinese laws prohibit any action including hacking that damages Internet security,” and adding, “to accuse the Chinese military of launching cyber attacks without solid proof is unprofessional and baseless.”

But the American computer security firm Mandiant kept following the groups’ activities. The report reads, “Mandiant’s continued observations of APT1 and APT12 activity, measured by command and control (C2) sessions, revealed a different response behind the scenes, suggesting a possible acknowledgement that both groups had been exposed.”


But the accusations were not able to stop either group from continuing its cyber attacks. Rather, both groups only changed their operational infrastructure and delayed their return.

“Based on comparisons between APT1 and APT12 activity during 2013 and the previous three years, Mandiant believes that these threat groups responded to their public exposure in two ways. First, both groups delayed their return to normal operations following the end of the Chinese New Year holidays in February. Second, both groups quickly shifted their operational infrastructure to continue their activities,” the report reads.

Following the exposure, Mandiant observed a longer period of inactivity, but roughly 150 days after the article was published in The New York Times, APT12 resumed its “pre-disclosure levels” of activity, and APT1 resumed its consistent intrusion activity nearly 160 days after its exposure.

“We believe APT1 and APT12 changed their exposed operational architecture in an attempt to obscure their future data theft operations,” said Mandiant.

It is believed that these intrusive cyber operations probably won’t stop: the PRC continues to deny engaging in state-sponsored data theft, and even after the disclosure of both groups they have resumed their espionage operations.