APT1, Exposing One of China’s Cyber Espionage Units (2021)

Since 2004, Mandiant has investigated computer security breaches at hundreds of organizations around the world. The majority of these security breaches are attributed to advanced threat actors referred to as the “Advanced Persistent Threat” (APT). We first published details about the APT in our January 2010 M-Trends report. As we stated in the report, our position was that “The Chinese government may authorize this activity, but there’s no way to determine the extent of its involvement.”

Now, three years later, we have the evidence required to change our assessment. The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.3 Mandiant continues to track dozens of APT groups around the world; however, this report is focused on the most prolific of these groups. We refer to this group as “APT1” and it is one of more than 20 APT groups with origins in China. APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen. 

The scale and impact of APT1’s operations compelled us to write this report. 

Read more