12 Groups Carry Out Most APT Attacks

Security consultants and the feds are tracking a dozen groups--all out of China--responsible for advanced threats.

Concerned with the amount of U.S. intellectual property being stolen from corporate networks, a group of security professionals sat down and compared notes on the various groups they tracked. They came up with an approximate tally of attackers targeting the intellectual property of U.S. and multinational companies: An even dozen, and all thought to be Chinese.
High-tech firms, oil companies, and defense contractors have all fallen prey to the 12 teams out to steal trade secrets and sensitive or classified information. While attempting to identify and count the groups behind the attacks may seem like an academic exercise, its not, says Jon Ramsey, executive director of Dell Secureworks counter threat unit.
In the general scheme of things, knowing who your enemy is, is enlightening, he says.
One group, for example, is called the Comment Crew by Dell Secureworks because of its signature tactic of embedding command-and-control information in the comments of Web pages. Understanding that, if you wanted to deal with the major attack from this one group, you can strip all comments out of the HTML pages as they come into your Web proxy, Ramsey says. That is a pretty effective technique to deal with this one group.
Moreover, knowing whether an attacker is part of the advanced persistent threat (APT)--the term coined by the defense industry for attackers that dont go away--can determine whether a company calls in help. When a company
suspects that a persistent attacker has set up shop
inside their network, kicking them back out again is not easy, Richard Bejtlich, chief security officer for security consulting firm Mandiant, said in a recent interview.
Various attributes can be used to classify attackers into groups, including their tools and techniques, the characteristics of their infrastructure, and their targets. Mandiant, for example, keeps dossiers on the 12 groups it tracks, and when called in by a client, compares and gathers network intelligence with what it knows about the usual suspects. The company can analyze an incident under investigation and match it to various groups modes of operation, including their tools, the passwords, the encryption used, their command-and-control infrastructure, and their targets.
Read the rest of this article on
Dark Reading
.
Read our report on how to guard your systems from a SQL attack.
Download the report now
. (Free registration required.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
12 Groups Carry Out Most APT Attacks