Introduction
Mandiant uncovered Advanced Persistent Threat 1 (APT1) and released a detailed report with a large number of very specific indicators of APT1. The report provides an analysis that security teams can put to good use. Far too often, a security vendor reports on how it uncovered a breach but leaves out the details that would help security professionals do their jobs better. The Mandiant report has done the nation a solid by providing a document on which to base its plans. The purpose of this paper is to analyze the Mandiant report on APT1 and to give a detailed account of APT1's operations, along with the threat that the group identified in the report poses to the United States of America and the defense of its homeland.
Mandiant report
According to the Mandiant report, a variety of specific indicators tied to APT1 were found. These include its attack infrastructure, MD5 hashes of APT1 malware, SSL certificates used for encryption, and APT1 attacker traffic, as well as a variety of other open-source “indicators of compromise”. The report exposed what appeared to be a state-sponsored hacking scheme from China. Mandiant dubbed the report APT1. The report offers the reader an analysis of APT1, the group behind the attacks. It also gives a detailed explanation of the different methods applied by the group, as well as indicators that are applicable in security practice. APT1 is a persistent collector: once it has established access to a target’s network, it collects and steals sensitive information and intellectual property for the longest time possible. APT1 typically maintained access to victim networks for approximately 356 days. The longest time it maintained access to a target’s network was 1,764 days. (Mandiant, 2013)
How APT1 threatens the U.S.
APT1 is a security risk to the United States of America. The security risk presented by APT1 is equivalent to terrorism. Today hackers and viruses outrank terrorism as the United States' No. 1 security threat. Various key people have consistently sounded an alarm on cyber war. Cyber security is a new arena in warfare, and the threat could be as destructive as terrorism. The threat exposes not only the government and corporations to theft of intellectual property and intelligence but also the American citizen. American citizens need to appreciate the significance of the growing problem. The majority of major corporations have already been penetrated by malware. The greatest damage to the country is that it will lose its competitiveness by having all its research and development stolen by intruders. The report provides very critical information that necessitates quick action. Given the complexity of the APT1 organization, it is quite likely that it has the ability to change the hashes, domains and certificates that were included in the report. The danger is the difficulty of identifying an APT1 attack, from the initial stage to the ongoing theft of data. As expected, APT1 makes use of highly targeted spear-phishing techniques to infect a target. These include using fake email accounts in the name of individuals recognized by the target. According to the report, once the infection is established, the attackers rely on a remote desktop protocol to control the continuing attack. This type of protocol is apparently very common on enterprise networks and allows machines to be controlled remotely. (Mandiant, 2013)
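An added example, not part of the original essay or the Mandiant report: a short Python sketch of why matching only on published hashes and domains is fragile once those values are changed, while a behavioural check for remote desktop sessions with outside peers still flags the host. All indicators, host names, addresses and log records are constructed placeholders; the internal address ranges and the use of the default RDP port 3389 are assumptions.

```python
import ipaddress

# Constructed placeholder indicators; none of these values come from the Mandiant report.
IOC_MD5 = {"0" * 32}
IOC_DOMAINS = {"c2.example.net"}
# Assumption: address ranges this organisation treats as internal.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RDP_PORT = 3389  # default TCP port for the Remote Desktop Protocol

# Constructed log records, already parsed into dictionaries.
EVENTS = [
    {"type": "file", "host": "ws01", "md5": "0" * 32},                    # published hash
    {"type": "dns", "host": "ws01", "query": "WWW.C2.example.net."},      # published domain
    {"type": "file", "host": "ws02", "md5": "1" * 32},                    # rebuilt tool: new hash
    {"type": "dns", "host": "ws02", "query": "cdn.example.org"},          # rotated domain
    {"type": "conn", "host": "ws02", "peer": "203.0.113.7", "dport": 3389},
    {"type": "conn", "host": "ws03", "peer": "10.0.0.5", "dport": 3389},  # internal admin
]

def domain_matches(query, iocs):
    """True if query equals an indicator domain or is a subdomain of one."""
    name = query.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in iocs)

def ioc_hits(events):
    """Hosts that touched a published hash or domain (static indicator match)."""
    hits = set()
    for e in events:
        if e["type"] == "file" and e["md5"].lower() in IOC_MD5:
            hits.add(e["host"])
        elif e["type"] == "dns" and domain_matches(e["query"], IOC_DOMAINS):
            hits.add(e["host"])
    return hits

def external_rdp(events):
    """Hosts with a remote desktop session whose peer is outside INTERNAL."""
    flagged = set()
    for e in events:
        if e["type"] == "conn" and e["dport"] == RDP_PORT:
            peer = ipaddress.ip_address(e["peer"])
            if not any(peer in net for net in INTERNAL):
                flagged.add(e["host"])
    return flagged

if __name__ == "__main__":
    print("indicator matches:", sorted(ioc_hits(EVENTS)))
    print("external RDP:", sorted(external_rdp(EVENTS)))
```

Host ws02 never matches the static indicator list after the hash and domain change, yet the remote desktop session to an outside address still surfaces it.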
APT1 also employed various techniques to hide its communications with command-and-control servers. This makes the target more vulnerable, as it may not easily notice the activity. These techniques include sharing data through HTTP traffic purposefully written by the attackers and a range of customized protocols designed to look like commonly used application traffic. APT1 used this traffic along with SSL to obscure its communications further. This is an emerging art that many citizens are not conversant with. While certainly preventable through the use of threat prevention solutions and firewalls, this capability makes it easier to target any corporation, government, or individual. (Brown, 2015)
How has the United States responded to the information outlined in this report?
Cyber security is a critical issue, especially with the exponentially increasing number of devices connected to the Internet. Congress took action in response to the information outlined in the report. Senators McCain, Levin, Rockefeller, and Coburn introduced S. 884, the Deter Cyber Theft Act. The Act would require the Government to make public an annual report listing all foreign countries engaged in economic espionage and to block imports from the listed nations. Imports made using stolen technologies and ideas would not be sold in the United States market. (Mandiant, 2013)
The Deter Cyber Theft Act focuses mainly on "foreign industrial and economic espionage," which did not come as a surprise to anyone following Congress's debate on how the country ought to tackle the problem of cyber security. The United States has been targeted by cyber criminals from many countries, including China, in the past. The Act aims to address the regular hacking attacks on US corporations that seek access to industrial trade secrets. In this regard, using computers to attack the U.S. economy and hacking for corporate information are one and the same. This bill was designed as a next step to punish actors economically. (Cohen, 2013)
References
Brown, E. A. (2015). Reducing the risk of cross-border trade secret misappropriation. Managing the Legal Nexus Between Intellectual Property and Employees: Domestic and Global Contexts, 183.
Cohen, A. (2013). Securing Trade Secrets in the Information Age: Upgrading the Economic Espionage Act after United States v. Aleynikov. Yale J. on Reg., 30, 189.
Sherry Roberts, a senior editor at MeldaResearch.Com, is the author of this paper.