APT1: Exposing One of China's Cyber Espionage Units

docrice

Good reading.

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

MSP-IT

And this is why I enjoy the field. Being a part of/defending against this type of activity is part of my dream career. I believe that this only breaks the surface of what is and what is to come.

YFZblu

Added to our team's Shift Turnover - Thanks docrice

the_Grinch

New York Times has a great article in regards to this. We're definitely behind the eight ball in all of this and I believe that a large portion of it is due to educational institutions refusing to train people in the "black" arts as it were. The US government complains of a lack of trained people (and refuses to bring in people that have the foundation, but lack the training) and universities aren't stepping up to fill those gaps. I often will read articles where a hiring manager at an agency will complain about the pay being a big reason why government cannot recruit good people. Now if a university had a great program (with a required coop or internship with an agency) when the student graduated they'd be more then happy to get a job making $50 to $60k a year. My first job was for $35k a year and took awhile to find, $50k to do security work would have been a dream.

I know some will debate with me whether or not universities are part of the issue, but I can point out examples. Just a sampling of the coursework offered at the university I work at shows how limited they are. Of the programs that would offer some kind of information assurance courses, most appear to be three course called "Computer and Network Security", "Computer Networks: Theory, Applications and Programming", and "Algorithmic Number Theory and Cryptography". Those courses are those offered by the Computer Science department and are ten weeks long (each). What sort of mindframe can you get in with a course that is ten weeks long? Or when your only options are three courses? Thankfully, in the program I was in, I took 17 different security courses. Some built on top of others and some were stand alone. The only bad part was it was all lab based, no coop or internship to see how things were done in the real world.

But the other thing was the university wasn't happy to offer said courses. One course ran through the process of hacking (CEH style) and it took fighting on the professors part to get the course run. The university nit picked so much that the course had to have a crazy title that anyone with have a brain would realize meant hacking.

Time to educate and get on course because we've been playing catch-up for years...the gap is only widening.

ipchain

Interesting read, thanks for sharing docrice. If the Chinese are doing this to us, I cannot even phantom what the Russians are doing.

coty24

ipchain wrote: »

Interesting read, thanks for sharing docrice. If the Chinese are doing this to us, I cannot even phantom what the Russians are doing.

+1 I just finished Zero Day and Trojan Horse, now I'm listening to Freedom (second book to Daemon). More on the Trojan Horse and Zero Day end; eerily similar

dbrink

ipchain wrote: »

Interesting read, thanks for sharing docrice. If the Chinese are doing this to us, I cannot even phantom what the Russians are doing.

I'm sure there are a lot of countries (including the US) that are doing this.

ipchain

dbrink wrote: »

I'm sure there are a lot of countries (including the US) that are doing this.

Agreed - At the end of the day, information is power and nations are beginning to realize that.

MSP-IT

dbrink wrote: »

I'm sure there are a lot of countries (including the US) that are doing this.

Like this?
U.S. Strategic Command - U.S. Cyber Command

Based on the post that I've seen here, the U.S. wants to get into Cyber Warfare/Defense, but has been too picky in the past with the kind of credentials they are looking for. I have a feeling we are far behind China at this point in time. If there was a "Cyber Command" consisting of 1000+ "Cyber Soldiers" like we saw evidence for in China, I have a feeling we would know. It's not exactly something that I think would be kept a secret, and I'm sure if something like there were to develop, TE would be one of the first places to find out.

the_Grinch

I tend to think that people are just confused. If you put together all the units in all the Armed Services that directly deal in Cyber Warfare, you would probably have a number that is over 1000. The thing China is doing is recruiting while students are in college and then onboarding them as soon as they are done. There's not boot camp, no A School/MOS School/Tech School. They are going from students to "members" in the employ of the PLA. I think you'll find they are a lot like contractors here in the US as they don't hold a military rank, but are paid directly by the government (instead of some third party defensive contracting firm).

I'll have to see if I can find the article where they interviewed a new graduate who was doing this work. At one point in the article he states he doesn't work for the government, but is receiving something like social security. The other point that many are failing to see is it isn't just a numbers issue. 10000 cyber warriors aren't going to magically make you more secure. Nor will 10000 make you that much better offensively. It is very much a quality over quantity. They really should treat it more like Special Forces, since it only requires a small group of well trained individuals to exact a large amount of damage.

JDMurray

the_Grinch wrote: »

10000 cyber warriors aren't going to magically make you more secure. Nor will 10000 make you that much better offensively.

I wonder how they train, organize, manage, and monitor a civilian cyber-work-force of those numbers. I also wonder how many of them are really just taking the gov's money while sitting around all day gold farming on WoW.

the_Grinch

JD you are right on the money. I interviewed for a position where they required linux skills, but once I talked to the manager she said I'd basically just be in charge of the contractors. There to make sure they are doing what their suppose to and that they actually know the job. She went on to say that maybe I'd do some hands on work. So it would seem the idea is to hire a government employee to babysit 10 to 15 contractors.

irondoor827@hotmail.com

why is America complaining if your getting Fu_ked by a Army you dont wake up and say " I got a wet ass'.............you instead start kicking behind or shut down their systems .....or get ready for more !!!