APT1

aka: COMMENT PANDA, PLA Unit 61398, Comment Crew, Byzantine Candor, Group 3, TG-8223, Comment Group, Brown Fox, GIF89a, ShadyRAT, G0006

PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks.


Associated Families
win.auriga win.bangat win.biscuit win.bouncer win.combos win.cookiebag win.dairy win.getmail win.glooxmail win.goggles win.hacksfase win.helauto win.kurton win.manitsme win.mapiget win.miniasp win.newsreels win.seasalt win.starsypound win.sword win.tabmsgsql win.tarsip win.webc2_adspace win.webc2_ausov win.webc2_bolid win.webc2_cson win.webc2_div win.webc2_greencat win.webc2_head win.webc2_kt3 win.webc2_qbp win.webc2_rave win.webc2_table win.webc2_ugx win.webc2_yahoo

References
2022-08-04 · Mandiant · Mandiant
@online{mandiant:20220804:advanced:afb8956, author = {Mandiant}, title = {{Advanced Persistent Threats (APTs)}}, date = {2022-08-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/insights/apt-groups}, language = {English}, urldate = {2022-08-30} } Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9
2019-11-19 · FireEye · Nalani Fraser, Kelli Vanderlee
@techreport{fraser:20191119:achievement:30aad54, author = {Nalani Fraser and Kelli Vanderlee}, title = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}}, date = {2019-11-19}, institution = {FireEye}, url = {https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf}, language = {English}, urldate = {2022-09-12} } Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
APT1 APT10 APT2 APT26 APT3 APT30 APT41 Tonto Team
2019 · Council on Foreign Relations · Cyber Operations Tracker
@online{tracker:2019:pla:33f5d12, author = {Cyber Operations Tracker}, title = {{PLA Unit 61398}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/pla-unit-61398}, language = {English}, urldate = {2019-12-20} } PLA Unit 61398
APT1
2019 · MITRE · MITRE ATT&CK
@online{attck:2019:apt1:9f69f1f, author = {MITRE ATT&CK}, title = {{Group description: APT1}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0006/}, language = {English}, urldate = {2019-12-20} } Group description: APT1
APT1
2018-10-18 · McAfee · Ryan Sherstobitoff, Asheer Malhotra
@techreport{sherstobitoff:20181018:operation:f7a178c, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group}}, date = {2018-10-18}, institution = {McAfee}, url = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf}, language = {English}, urldate = {2020-01-07} } ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group
Oceansalt APT1
2018-10-17 · Raj Samani, Ryan Sherstobitoff
@online{samani:20181017:operation:0b1d8ce, author = {Raj Samani and Ryan Sherstobitoff}, title = {{‘Operation Oceansalt’ Delivers Wave After Wave}}, date = {2018-10-17}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/}, language = {English}, urldate = {2019-10-17} } ‘Operation Oceansalt’ Delivers Wave After Wave
APT1
2018 · Mandiant · Mandiant
@techreport{mandiant:2018:apt1:b76cc4d, author = {Mandiant}, title = {{APT1}}, date = {2018}, institution = {Mandiant}, url = {https://github.com/securitykitten/malware_references/blob/master/Appendix%20C%20(Digital)%20-%20The%20Malware%20Arsenal.pdf}, language = {English}, urldate = {2020-01-13} } APT1
Auriga Biscuit Bouncer Combos CookieBag Dairy GetMail GlooxMail Goggles Hacksfase Helauto Kurton ManItsMe MAPIget MiniASP NewsReels SeaSalt StarsyPound Sword TabMsgSQL Tarsip WebC2-AdSpace WebC2-Ausov WebC2-Bolid WebC2-Cson WebC2-DIV WebC2-GreenCat WebC2-Head WebC2-Kt3 WebC2-Qbp WebC2-Rave WebC2-Table WebC2-UGX WebC2-Yahoo
2018 · FireEye · FireEye
@techreport{fireeye:2018:forrester:ae307d3, author = {FireEye}, title = {{The Forrester New Wave™: External Threat Intelligence Services, Q3 2018.}}, date = {2018}, institution = {FireEye}, url = {http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf}, language = {English}, urldate = {2020-01-08} } The Forrester New Wave™: External Threat Intelligence Services, Q3 2018.
APT1
2014-05-19 · The New York Times · Michael S. Schmidt, David E. Sanger
@online{schmidt:20140519:5:fcd4c7c, author = {Michael S. Schmidt and David E. Sanger}, title = {{5 in China Army Face U.S. Charges of Cyberattacks}}, date = {2014-05-19}, organization = {The New York Times}, url = {https://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html}, language = {English}, urldate = {2020-01-13} } 5 in China Army Face U.S. Charges of Cyberattacks
APT1
2014-03-12 · FireEye · Ned Moran, Mike Oppenheim
@online{moran:20140312:detailed:79efe09, author = {Ned Moran and Mike Oppenheim}, title = {{A Detailed Examination of the Siesta Campaign}}, date = {2014-03-12}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html}, language = {English}, urldate = {2019-12-20} } A Detailed Examination of the Siesta Campaign
APT1 Siesta
2014-03-06 · Trend Micro · Maharlito Aquino
@online{aquino:20140306:siesta:9a574bc, author = {Maharlito Aquino}, title = {{The Siesta Campaign: A New Targeted Attack Awakens}}, date = {2014-03-06}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/}, language = {English}, urldate = {2020-01-13} } The Siesta Campaign: A New Targeted Attack Awakens
APT1
2013-02-20 · FireEye · Mandiant
@online{mandiant:20130220:1:7fa9646, author = {Mandiant}, title = {{APT 1 Malware Arsenal Technical Annex}}, date = {2013-02-20}, organization = {FireEye}, url = {https://www.slideshare.net/YuryChemerkin/appendix-c-digital-the-malware-arsenal}, language = {Mandiant}, urldate = {2020-01-08} } APT 1 Malware Arsenal Technical Annex
bangat
2013-02-19 · Wikipedia · Various
@online{various:20130219:pla:8419d10, author = {Various}, title = {{PLA Unit 61398}}, date = {2013-02-19}, organization = {Wikipedia}, url = {https://en.wikipedia.org/wiki/PLA_Unit_61398}, language = {English}, urldate = {2020-01-08} } PLA Unit 61398
APT1
2013-02-19 · FireEye · FireEye
@techreport{fireeye:20130219:apt1:8d8a51a, author = {FireEye}, title = {{APT1: Exposing One of China’s Cyber Espionage Units}}, date = {2013-02-19}, institution = {FireEye}, url = {https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf}, language = {English}, urldate = {2020-01-06} } APT1: Exposing One of China’s Cyber Espionage Units
APT1
2013-02-19 · Symantec · A L Johnson
@online{johnson:20130219:apt1:ee9c94f, author = {A L Johnson}, title = {{APT1: Q&A on Attacks by the Comment Crew}}, date = {2013-02-19}, organization = {Symantec}, url = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f1265df5-6e5e-4fcc-9828-d4ddbbafd3d7&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments}, language = {English}, urldate = {2020-04-21} } APT1: Q&A on Attacks by the Comment Crew
APT1

Credits: MISP Project