3. Fire Sale (is it a myth?)
• Take Out Transportation
• Take Out Financial Base & Telecoms
• Take Out the Utilities & Power
Three-Step Systematic Attack
4. Definition
• The term originally referred to nation-states
engaging in cyber espionage.
• What distinguishes an APT from other threats is that
it is targeted, persistent, evasive and advanced.
• APTs target specific organizations with the purpose of
stealing specific data or causing specific damage.
5. Stuxnet
• It is the first discovered malware that spies on and subverts
industrial systems.
• Discovered in June 2010; it is believed to have been created by
the United States and Israel to attack Iran's nuclear facilities.
• The worm initially spreads indiscriminately, but includes a highly
specialized malware payload that is designed to target only
Siemens supervisory control and data acquisition (SCADA) systems
that are configured to control and monitor specific industrial
processes.
• On 1 June 2012, an article in The New York Times said that Stuxnet
is part of a U.S. and Israeli intelligence operation called "Operation
Olympic Games", started under President George W. Bush and
expanded under President Barack Obama.
6. Introducing APT1
• The world's next publicly available comprehensive report
on Advanced Persistent Threats
• Provided by Mandiant (www.mandiant.com)
• APT1 is the nickname for a government-sponsored group
carrying out specific attacks for a specific purpose
• China is the suspected government sponsor of
the group
7. APT1 Group Structure
• APT1 is believed to be the 2nd Bureau of the PLA GSD 3rd
Department, Military Unit Cover Designator (MUCD) Unit 61398
• Unit 61398 is estimated to be staffed by hundreds, and
perhaps thousands, of people, based on the size of Unit
61398's physical infrastructure
• Unit 61398 is partially situated on Datong Road (大同路) in
Gaoqiaozhen (高桥镇), which is located in the Pudong New
Area (浦东新区) of Shanghai (上海). The central building in
this compound is a 130,663 square foot facility that is 12
stories high and was built in early 2007.
• Unit 61398 requires its personnel to be trained in computer
security and computer network operations, and also requires
its personnel to be proficient in the English language.
10. APT1 Data Breach Summary
• APT1 has systematically stolen hundreds of terabytes of data from
at least 141 organizations, and has demonstrated the capability and
intent to steal from dozens of organizations simultaneously.
• Once APT1 has established access, they periodically revisit the
victim’s network over several months or years and steal broad
categories of intellectual property, including technology blueprints,
proprietary manufacturing processes, test results, business plans,
pricing documents, partnership agreements, and emails and
contact lists from victim organizations’ leadership.
• The longest time period APT1 maintained access to a victim’s
network was 1,764 days, or four years and ten months.
• Among other large-scale thefts of intellectual property, we have
observed APT1 stealing 6.5 terabytes of compressed data from a
single organization over a ten-month time period.
11. APT1 Data Theft
• Product development and use, including information on test
results, system designs, product manuals, parts lists, and
simulation technologies;
• manufacturing procedures, such as descriptions of proprietary
processes, standards, and waste management processes;
• business plans, such as information on contract negotiation
positions and product pricing, legal events, mergers, joint
ventures, and acquisitions;
• policy positions and analysis, such as white papers, and
agendas and minutes from meetings involving high ranking
personnel; emails of high-ranking employees; and user
credentials and network architecture information.
13. APT1 Target Summary
• Since 2006, Mandiant has observed APT1 compromise
141 companies spanning 20 major industries.
• APT1 focuses on compromising organizations across a
broad range of industries in English-speaking countries.
• Of the 141 APT1 victims, 87% of them are headquartered
in countries where English is the native language.
• The industries APT1 targets match industries that China
has identified as strategic to its growth, including four
of the seven strategic emerging industries that China
identified in its 12th Five Year Plan.