dosmillerat December 01,2014 Although the hacker had a few set backs when trying to attack the victims software he was still able to use other softwares to get in. It is sad how easy it is to access an innocent individuals IP address to send incriminating information and to steal files.
Donnyat December 12,2014 A rapid fire set of attack events committed by APT1 actors and presented by Mandiant. Worth viewing but don't blink.
connellytat February 01,2015 It might be helpful to have some background information before watching this video. The full report is at intelreport.mandiant.com/Mandiant_APT1_Report.pdf. I thought the video is definitely worth watching, but you'll want to watch in Full Screen mode. Otherwise, the text is too small. I find it interesting that the attackers are using FTP to exfiltrate the files, but that should make it easier for the file/system owners to identify and prevent it using some sort of DLP tool.
gmazurat February 03,2015 The Mandiant report made a lot of noise when it was released. The Chinese, of course, vehemently denied it, and more compelling, certain factions of the USG were not happy with it either since politically it was not the USG, but a private US company accusing the Chinese Government of engaging in cyber espionage against US companies. Perhaps more importantly to government and commercial CIOs, it demonstrated that you did not need to rely upon the USG and its intelligence or law enforcement agencies to develop the anatomy of a hack. There is enough open source information available for anybody with enough time, talent, money, and resources to put it all together. It should be noted, the Mandiant report turned out to be good marketing material for Mandiant, as they were purchased by FireEye in January 2014 for 1 “B” for Billion Dollars.
djohns54at February 05,2015 I recently attended the MirCon Conference late last year and they presented various examples of these types of attacks by this group! Interesting stuff to say the least and it just goes to show just persistent these attackers are in gaining backdoor access to systems and run simple command line syntaxes to steal various types of data. In addition to these attacks, I also caught a presentation where attackers are able to bypass just about all security devices by using native Windows WMI scripts and commands.