APT1 is a Chinese threat actor in the 2nd Bureau of the Chinese People’s Liberation Army (PLA). They are within the General Staff Department’s (GSD) 3rd Department, known by Military Unit Cover Designator as the infamous Unit 61398. APT1 has continually launched various cyberattacks against global industries and government organizations.
Some of the best data available on APT1 has been released in a seminal research report from Mandiant. Mandiant’s data and exposure of APT1 have resulted from its involvement in the forensic analysis of data breaches and security incidents at hundreds of organizations worldwide. As a result, Mandiant has been reasonably confident that APT1, along with many other APT groups, has origins in mainland China and appears to receive funding from the Chinese Government.
APT1 appears to be a single threat actor group operating since 2006. APT1 is believed to be among the top groups in the world in terms of data successfully breached and exfiltrated. Amazingly, APT1 appears to be located in offices with over 12 stories and over 130,000 square feet. This facility seems to house hundreds of personnel, almost all of whom are computer security trained and English proficient.
APT1 seems to target a wide variety of industries and governments within English-speaking countries. Mandiant’s data showed that approximately 87% of the victims they investigated were in countries where English is the primary native language. To support these efforts, APT1 has control of literally thousands of systems, including well over 900 command and control servers, which are, in turn, hosted on over 800 unique IP addresses in 13 countries. Over 700 C&C server addresses were in China, and over 100 were in the United States.
The massive size of APT1’s operations, and of the other closely related APT groups that China likely funds, has raised the bar for organizations that wish to defend against these threats. Public knowledge of their operations sheds short-term light on APT1 activities, but it also prompts the group to rebuild new tools, change techniques, and further obfuscate its malicious actions.