Analysis of Advanced Persistent Threat 1 Released by the Mandiant Company - Report Example

The Mandiant Report The Mandiant Report Introduction The primary purpose of this essay is to acquire a critical understanding about the cyber security firm and one of the prominent information security companies named ‘Mandiant’. Throughout the essay, the discussion critically provides a clear representation about the first threat report, i.e. “Advanced Persistent Threat” (APT1) published by Mandiant in February 2013. The threat report of APT1 released by the company includes a documentation of the evidence regarding the cyber-attacks executed by the Peoples Liberation Army by targeting more than 141 US based organizations along with commercial firms from different English speaking countries across the world (Mandiant, A FireEye Company, 2013). In addition, the essay also provides a critical understanding about APT1, along with the primary intention of Mandiant in releasing this report. Finally, the essay covers up the ultimate findings of the Mandiant report and justifies the overall outcome of APT1.The essay also include different other pertinent facts and conclusions regarding the concept, terms and significances of the APT1 report released by Mandiant. Brief Description about Mandiant Founded in the year 2004, Mandiant is regarded as one of the leading cyber security companies engaged in investing various types of computer security breaches across the organizations located in the different parts of the world. Since its inception, the cyber security firm is committed to provide vital support by safeguarding each system related information and data, and it helps organizations to carry out an evidence-based investigation process to perceive appropriate results about any type of security breaches in the organizations. According to a brief understanding about the current operational process, the cyber security mechanism of Mandiant includes safeguarding confidential product plans, and theft of vendor and client contract related information, along with a customer database and financial assets of the organizations irrespective of dissimilar commercial fields. In addition, the cyber security structure of Mandiant also deals with organizational secrets and is responsible to protect them from uncertain security breach related issues (Mandiant, A FireEye Company, 2015). Primary Reasons of Releasing the Report Although Mandiant garnered its strong position through protecting commercial credentials of the global organizations, but the company has gained world recognition by its investigation of cyber security breach made by APT. According to the APT1 report of the organization, Mandiant has critically distinguished about various APT groups along with their issues associated with the breaching cyber security of more than 141 US based and globally renowned organizations. The APT1 in the Mandiant’s report referred APT groups in the cyber security related issues. The APT1 report of the company is released with an aim of generating major awareness about the threat of cyber security breaching and the degree to which it can create security risks on the nations and the global economic condition as well (Rid, 2013). In addition, the report has also critically summarized the actual process along with tools, tactics, and procedures (TTPs) that enabled APT1 to steal successfully the confidential information and intellectual property of different privately and publicly held foreign organizations. According to the report, APT1 carried out a systematic process to steal hundreds of terabytes of information and confidential data from almost 141 global organizations with an intention of acquiring valuable data from dozens of multinationals simultaneously. In this regard, security is one of the major concerns for Mandiant compelling, to present a clear description of the cyber-attack made by APT1, along with major consequences that might be derived from those activities (Bejtlich, 2013). In relation to the security breaching report of Mandiant, the People’s Liberation Army (PLA’s) Unit 61398 of China led the cyber espionage program. Considering the cyber espionage program, the Mandiant report revealed the intrusion made by the APT1, which involved list of nearly 150-targeted private and public based organizations for the last seven years. Therefore, the immense security issue relating to the financial assets, strategic report of various governmental and non-governmental organizations compelled Mandiant to release the security report against the major cyber-attacks of APT1. With due regard to the consent acquired from the targeted organizations, Mandiant revealed cyber espionage activities of APT1, along with its four large networks based in Shanghai, China. Moreover, the investigation report of Mandiant also uncovered major amount of cyber-attack infrastructure, along with control and command of APT1. In addition, the investigation team of the organization discovered TTPs of APT1, along with its cyber-attach cycle leading to a massive amount of data and information loss of the global organizations, especially from English speaking countries around the globe. In this regard, creating global awareness relating to the cyber espionage is also a major area behind the release of the APT1 investigation report (Mandiant, A FireEye Company, 2014). Brief Description about APT1 In accordance with the definition provided by Mandiant’s report, APT1 is the 2nd Bureau in the PLA. It is the 3rd active Department of the PLA’s General Staff Department (GSD) and is essentially known as Unit 61398 following to the Military Unit Cover Designator (MUCD). The nature of the activities performed by the Unit 61398 is considered to be keeping secrets by the Chinese government. However, according to the report, it has been revealed that the Unit 61398 is involved with ‘Computer Network Related Operations’ that are often carried out to perform different types of unauthorized or network security breach related activities. In relation to the key findings of the report, Unit 61398 is operated by a group of hundred or perhaps thousands of computer network and security experts, which has been estimated by the report observing the infrastructure facility of the group from where it operates. Moreover, the report also uncovered that the materials, equipment, and other sophisticated technologies used by this Unit to procure and organize in the name of the national defense system of China. APT1, the single organization has carried out a series of cyber espionage campaigns since the year 2006 by breaching security measures and acquiring hundreds of terabytes of confidential data and information about the public and private based or organizations across the globe (Mandiant, A FireEye Company, 2013). The observation made by Mandiant also revealed that the intrusions of APT1 comprised 141 global organizations spanning from 20 major industrial fields. The report in this regard provides a clear cyber-attack methodology of APT1. The Unit periodically intrudes into the network of the targeted organizations with the aim of stealing voluminous confidential information and intellectual properties. The intellectual property that is mainly targeted by APT1 include, technology blueprints, proprietary manufacturing and operational processes, business plans, experimental results, pricing strategies, partnership agreements, along with emails and contact lists from the organizations targeted by APT1(Bejtlich, 2013). Conclusion With due regards to the Mandiant report, a little doubt can be estimated regarding the role of APT1 to perform cyber-attacks against numerous industries across the world. However, the evidences and their totality documented in the report augment to claim that APT1 is solely responsible for stealing perhaps hundreds of terabytes of the organizational information and intellectual property. Mandiant attributed to bolster the claim on the ground of striving efforts from its valuable and extensively developed forensic scientists and cyber-crime analysts. The evidences regarding the operational records of APT1 with respect to its intrusion against different organizations, specifically the firms and agencies from English speaking countries substantially helped the Mandiant to identify the criminal practices of APT1. The report also describes a wide range of techniques, tactics, and methodologies to illustrate clearly the intrusion of APT1 into different organizational networking infrastructures. The investigation process as well as release of the APT1 report dramatically lowered the lifespan of the attackers and it is anticipated to help to keep appropriate track of the intruders in any future instances relating to cyber-attacks or breaching of network security systems. References Bejtlich, R. (2013). The practice of network security monitoring: Understanding incident detection and response. The United States: No Starch Press. Mandiant, A FireEye Company (2013). APT1: Exposing One of China’s Cyber Espionage Units. Mandiant, 1-74. Mandiant, A FireEye Company (2014). One year after the APT1 Report: What difference does a year make? Beyond the Breach, 17-21. Mandiant, A FireEye Company (2015). About us. Retrieved from https://www.mandiant.com/company/ Rid, T. (2013). Cyber war will not take place. New York: Oxford University Press. Read More