NYT covers China cyberthreat

Scott Weeks surfer at mauigateway.com
Wed Feb 20 19:34:20 UTC 2013



--- Valdis.Kletnieks at vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
> boys and girls, all the cyber-capable countries are cyber-culpable.  you
> can bet that they are all snooping and attacking each other, the united
> states no less than the rest.  news at eleven.

The scary part is that so many things got hacked by a bunch of people
who made the totally noob mistake of launching all their attacks from
the same place....
------------------------------------------------


Maybe.  The report says the following, but it doesn't make clear 
(I'm only on page 31, so I don't know if they do later in the report) 
if this is a small botnet, or individuals manning the 937 C&C servers:


»» APT1 controls thousands of systems in support of their computer 
intrusion activities.

»» In the last two years we have observed APT1 establish a minimum of 
937 Command and Control (C2) servers hosted on 849 distinct IP addresses 
in 13 countries. The majority of these 849 unique IP addresses were
registered to organizations in China (709), followed by the U.S. (109).

»» In the last three years we have observed APT1 use fully qualified 
domain names (FQDNs) resolving to 988 unique IP addresses.

»» Over a two-year period (January 2011 to January 2013) we confirmed 
1,905 instances of APT1 actors logging into their attack infrastructure 
from 832 different IP addresses with Remote Desktop, a tool that provides 
a remote user with an interactive graphical interface to a system.

»» In the last several years we have confirmed 2,551 FQDNs attributed to 
APT1.

»» We observed 767 separate instances in which APT1 intruders used the 
“HUC Packet Transmit Tool” or HTRAN to communicate between 614 distinct 
routable IP addresses and their victims’ systems using their attack
infrastructure.



scott

