MIT Technology Review

The computer hacking group accused last week of being part of a specific unit of the Chinese military is apparently unfazed by the public attention triggered by a detailed report on its activities published by the security firm Mandiant. Another researcher tracking the group says that most of the infrastructure it had in place to carry out attacks remains in place.

“They shut down some of the infrastructure, but not much,” says Jaime Blasco, director of labs at security company AlienVault, who had been tracking the same group for several years. Blasco says that many of the group’s command-and-control servers—computers that act as relays between an attacker and the software placed inside a victim company—are still in place, and apparently active. “The group will not change much, because it works—they have been using the same infrastructure for years,” he says.

A spokesperson for Mandiant turned down a request to speak about the company’s latest information on the activity of the group (which is known as Advanced Persistent Threat 1, or APT1), saying only that some command-and-control servers had been seen to go offline.

Mandiant’s 60-page report was the most detailed public allegation yet that the Chinese military infiltrates companies in the U.S. and elsewhere. Other companies have made similar claims, but Mandiant, based in Washington, D.C., identified a specific army unit and even a specific office building in Shanghai’s suburbs as the origins of numerous attacks. Senator Dianne Feinstein, chair of the Senate Intelligence Committee, told MSNBC that the report was “essentially correct.”

Chinese officials have denied any link to the group Mandiant and others have described, just as they have denied all previous accusations of similar activity, such as those made by Google after it was breached by attackers looking for the e-mail accounts of Chinese dissidents (see “Google Reveals China Espionage Efforts”).

Aviv Raff, chief technology officer of Israeli security company Seculert, says that it wouldn’t be surprising for the group Mandiant calls APT1 to continue as usual despite the headlines about it. Some of its attacks and techniques had already been described publicly, he says. “I think this specific group doesn’t really care; we heard about these attacks for a long time,” says Raff.

A brazen response by attackers to the public discovery and detection of their technology and tactics is not unheard of. An attack known as Mahdi, discovered by researchers at Seculert and elsewhere last August (see “Bungling Cyber Spy Stalks Iran”), remains active, says Raff.

However, more sophisticated—if less prolific—groups believed to be backed by nation-states have been seen to change tactics after being exposed. “Red October went down quickly after it became public knowledge,” says Raff, referring to a large and apparently long-running campaign uncovered by Russian security firm Kaspersky in January and tracked by Seculert.

Sykipot, a campaign even more sophisticated than APT1 that targeted the U.S. defense sector and is also believed to originate in China, has since gone quiet, says Blasco, who tracked it closely. “It has been out for three to four years, and they have been adding new features and command and control infrastructure,” he says. “I lost the trail six months ago, and most of the command-and-control servers we knew are down.”
