APT 1 is one of the most notorious groups of cyber attackers, who have been linked to China’s military and accused of stealing sensitive data from hundreds of organizations around the world.
What we know
APT 1 is also known as Unit 61398 of the People's Liberation Army (PLA), China's main military branch.
APT 1 was exposed by Mandiant, a cyber security company, in a report published in 2013. The report revealed APT 1's multi-year, enterprise-scale computer espionage campaign against 141 victims across multiple industries.
APT 1's targets included companies and organizations aligned with China's 12th Five Year Plan, which outlined the country's strategic goals and priorities for economic development and social welfare.
APT 1 used a variety of tools and tactics to compromise and maintain access to its victims' networks, such as spear phishing, custom backdoors, malware, and credential theft.
APT 1's average persistence on a target network was 356 days, meaning that on average the group remained undetected for almost a year. It also compromised targets through multiple attack vectors at once, which made it harder to eradicate from a network.
APT 1's operations were significantly disrupted after the Mandiant report, which exposed the group's physical location, infrastructure, and personnel. In 2015, the presidents of China and the US agreed to curb cyber espionage for economic gain, which further reduced the frequency and scope of APT 1's activities.