Chinese APT1 hacker group ends its spring break

According to a report in the New York Times, the hackers working for the Chinese military's Unit 61398 are thought to have launched a new wave of attacks on the US. In February 2013, a report by the newspaper had stated that cybersecurity firm Mandiant thought that there was conclusive evidence that many of the hacker attacks on the US originated from a special unit within the Chinese military. The attacks subsided after this. Now, Unit 61398, also known as the APT1 group, is thought to have resumed its activities using revised tools, new technologies and different servers.

Mandiant had informed the New York Times of a new attack wave from China as, apparently, many of the previously targeted companies have been attacked again. After consultation with its clients, however, the security firm hasn't named the victims. In the past, the APT1 group's victims included companies such as RSA, Lockheed Martin and Coca Cola.

At the White House, US National Security Council spokeswoman Caitlin Hayden said that China had last month agreed to form a new working group to start a dialogue on "cyber issues". Talking to the New York Times, Mandiant CEO Kevin Mandia explained that the resumed attacks should probably be regarded as "the new normal".

APT1 exploits badly patched systems around the globe for its attacks, said the executive. Apparently, small ISPs and online stores are being especially targeted for cyber espionage. Mandiant says that the malware that is used by Unit 61398 is almost unchanged, and that only minor code adjustments have been made.

Mandiant is a reputable US security firm and one of the top companies for computer forensics. The company says that the attack on the New York Times that was reported by the newspaper in January wasn't carried out by the APT1 group, and that other Chinese hackers are believed to have been behind it.

(fab)