APT1 – Retreat, Re-tool, Regroup!

Prior to Mandiant's public "dox" of APT1 (also known as Comment Crew), the group was the most sophisticated threat actor seen to date, with thousands of successful intellectual property (IP) theft campaigns to its name. The release of the Mandiant APT1 report earlier this year immediately raises the question: was publication really the best course of action? Releasing thousands of IOCs certainly benefits organisations globally in detecting previous or ongoing APT campaigns (in some cases only in hindsight). However, the public release of information like this may also have the opposite effect, giving the threat actor the opportunity to retreat, regroup and revamp its intrusion sets. Indicators such as domain names, IP addresses and file hashes are the cheapest parts of an intrusion set to replace, so their detection value decays quickly once the actor knows they are burned; rebuilding tooling, infrastructure patterns and tradecraft takes considerably longer.

Having seen Comment Crew in action, I can safely say that this group is at the forefront of the cyber-espionage world. These guys use some of the most advanced techniques for infection, command & control, persistence and exfiltration.

If you haven't already read the Mandiant APT1 report, the report and its appendix of indicators can be found at the links below:

Mandiant APT1 Report

Mandiant APT1 Appendix & Indicators

No doubt we will see APT1’s shiny new toolset sometime soon!
