Prior to Mandiant’s “dox” of APT1 (a.k.a. Comment Crew), the group was the most sophisticated threat actor to date, scoring thousands of successful IP (intellectual property) theft campaigns. The release of the Mandiant APT1 report earlier this year immediately raises the question: was it really the best course of action? Of course, releasing thousands of IOCs benefits organisations globally in detecting (in some cases only in hindsight) previous or ongoing APT campaigns. However, the public release of information like this may have the opposite effect, enabling the threat actor to retreat, regroup and revamp their intrusion sets.
Having seen Comment Crew in action, I can safely say that this group is at the forefront of the cyber-espionage world. These guys use some of the most advanced techniques for infection, command & control, persistence and exfiltration.
If you haven’t already read the Mandiant APT1 report, it can be found at the links below:
No doubt we will see APT1’s shiny new toolset sometime soon!