The company that helped uncover major online security breaches from China last year says exposing the hackers had the effect of shutting them down — at least temporarily.
Last year, the New York Times reported on what it believed to be an elite Chinese military unit that had been sitting on its networks, quietly spying on it and countless other U.S. companies. The news kicked off months’ worth of debate about America’s exposure to cyberattack.
The unit, labeled as “Advanced Persistent Threat 1” or APT1 by the independent security firm Mandiant, usually communicates with the malware it has installed in various targets year-round.
According to a new report from Mandiant published on Thursday, APT1 ceased virtually all its activity in early 2013.
This was unusual behavior for the group compared to previous years, and an abnormal pattern compared to the other threats Mandiant tracks and says are based in China.
After the Times report, the group paused its activities for no more than a couple of months. If anything, its command and control communications seemed to intensify in late summer last year compared to previous years.
“This is actually fascinating evidence (data in graphs by Mandiant) that shows that you have an adaptive adversary,” said Allan Friedman, a cybersecurity scholar at George Washington University. “If we interpret this as a fairly complete sample, then it looks like they shut down things as soon as this information was published.”
That’s supported by another finding in the Mandiant report showing that APT1 abruptly changed the IP addresses it was using to access its malware when Mandiant issued its own profile on the hacking unit.
The drop in activity may also suggest that “naming and shaming” by the United States is a viable tactic, said Jason Healey, a cyber-scholar at the Washington-based Atlantic Council.
What’s still unclear is who arranged the change in behavior. It’s possible that higher-ups in the Chinese government were not aware of what APT1 was doing, said Friedman. If that’s the case, he said, then upon seeing the U.S. reports, Beijing may have called down to stop the activity because it didn’t serve China’s strategic mission. But Friedman adds there’s also a chance that APT1’s espionage was part of an officially sanctioned program, and that when APT1 was detected, its tactics changed simply to limit the Chinese government’s exposure to criticism.