Exploring APTs – #1

Thanks for all your feedback last week about which APTs you want us to investigate. After digging through the results, we’ve started with a blast from the past – a Chinese APT identified as the People’s Liberation Army Unit 61398. If you worked in cybersecurity around 2010, you might remember big-name attacks on companies like Google, Adobe, and Juniper Networks. Although the group has largely been assumed inactive for a number of years, the US has speculatively accused the Chinese government of cyber-spying, including activity attributed to APT1. 

What is APT1? 

APT1 is a group of hackers that is also known as “Comment Crew” or “Shanghai Group”. It is believed to be associated with the Chinese government and has been active since at least 2009, targeting a wide range of organizations, including government agencies, military contractors, and corporations. APT1 is known for its advanced tactics, techniques, and procedures, including the use of custom malware and complex network infrastructure, to conduct espionage and intellectual property theft. 

High-profile members of the PLA are still on the FBI’s Most Wanted List.

What have been the most damaging attacks that have been launched by APT1? 

APT1 has been involved in several high-profile and damaging cyber-attacks over the years, many of which caused serious damage to the companies and organizations targeted. Some of the most notable include: 

  • Operation Aurora: In 2009 and 2010, APT1 targeted several high-tech companies, including Google, in a series of attacks that became known as Operation Aurora. The group stole source code and other sensitive intellectual property, as well as compromising the email accounts of Chinese human rights activists. 
  • RSA Security Attack: In 2011, APT1 successfully infiltrated RSA Security, a major provider of security solutions, and stole information related to the company’s secure authentication products. The stolen information was later used in a wider campaign to target defence contractors and other high-value targets. 
  • Operation Orenda: In 2013, APT1 was linked to a series of attacks against organizations in the defence and aerospace industries, which were collectively known as Operation Orenda. The group stole sensitive information related to military and commercial technologies, including designs for next-generation weapons systems. 

What was Operation Aurora? 

Operation Aurora was a cyber espionage campaign that was first discovered in 2009 and is believed to be the work of a Chinese state-sponsored hacking group. The operation targeted a wide range of organizations, including corporations, government agencies, and non-profit organizations, in order to steal sensitive information and intellectual property. 

The attackers used a combination of tactics, including the use of zero-day vulnerabilities and custom malware, to infiltrate targeted networks and steal sensitive data. The operation was highly sophisticated and allowed the attackers to evade detection for several years. 

The impact of Operation Aurora was significant, with the attackers stealing sensitive data and intellectual property from organizations across several industries, including the technology, defence, and financial sectors. The operation demonstrated the dangers posed by state-sponsored hacking campaigns and the importance of having strong cybersecurity measures in place to defend against these types of attacks. 

It is important to note that Operation Aurora is just one example of the activities of Chinese state-sponsored hacking groups, and these groups remain a significant threat to organizations worldwide. Despite efforts by law enforcement and the cybersecurity community, state-sponsored hacking campaigns continue to be a major threat to organizations and individuals alike. 

Who was hit worst by Operation Aurora? 

Operation Aurora was a highly sophisticated cyber espionage campaign that targeted a wide range of organizations, including corporations, government agencies, and non-profit organizations. Some of the most high-profile organizations that were affected by Operation Aurora include: 

Google: In 2010, Google announced that it had been the victim of a sophisticated cyberattack, later confirmed to be Operation Aurora. The attack resulted in the theft of sensitive information and intellectual property, as well as the compromise of several Google employees’ Gmail accounts. 

Adobe Systems: Adobe Systems was another high-profile victim of Operation Aurora. The company confirmed that it had been the victim of a sophisticated cyberattack in 2010, resulting in the theft of sensitive information and intellectual property. 

Juniper Networks: Juniper Networks was also affected by Operation Aurora, with the company confirming that it had been the victim of a sophisticated cyberattack in 2010. The attack resulted in the theft of sensitive information and intellectual property. 

It is difficult to determine which organization was the “worst affected” as the impact of Operation Aurora was significant for all of the targeted organizations. The attack resulted in the theft of sensitive information and intellectual property, as well as the compromise of several employees’ accounts. The operation demonstrated the dangers posed by state-sponsored hacking campaigns and the importance of having strong cybersecurity measures in place to defend against these types of attacks. 
