APT3 – also known as Gothic Panda, Buckeye, UPS Team and TG-0110 – was first reported in 2010 by FireEye in their report Hupigon Joins The Party. It is blamed for using a Remote Access Trojan named Pirpi in attacks against the US and UK. The Trojan is usually delivered through malicious attachments or links in spear-phishing e-mails and the group have a history of innovating new browser-based zero-day exploits. FireEye claim that it is one of the most sophisticated threat groups tracked by their Threat Intelligence arm.

hupigon-report

APT3’s targets are in a wide range of sectors including government entities, research institutions, technology, aerospace and defence, transport, manufacturing and telecommunications. Their geographical focus until 2015 was the US and UK, but in June 2015 Symantec reported that the group had also begun to infect organisations in Hong Kong (see Buckeye cyberespionage group shifts gaze from US to Hong Kong). These infections increased significantly in March 2016.

buckeye-report

After exploiting a target, the group hop to additional hosts on the network and install backdoors before searching for intellectual property or other confidential information worth stealing. It forms part of a programme for Intellectual Property theft that costs western economies billions. British companies lose £9.2 billion a year and, were China to respect US IP law, 2.1 million additional jobs could be created.

The InfoSec community finds it difficult to track the command and control infrastructure used by APT3, but we intend to show that it is possible, using domain registration data, to identify the individuals responsible for the APT, the company behind them and the government institution issuing the tasking.

In our next post we will introduce you to the man responsible for purchasing some of APT3’s infrastructure. We identified him by following a trail of metadata from APT3 tools and domain names that led to him, his colleagues and his company.

Read our next post on APT3 for the truth behind this intrusion.

17 thoughts on “Who is behind this Chinese espionage group stealing our intellectual property?

  1. Pingback: APT3 Threat Group a Contractor for Chinese Intelligence Agency - InfoSecHotSpot
  2. Pingback: Chinese Government Contractor Identified as Cyber-Espionage Group APT3 – Silicon War
  3. Pingback: Chinese Government Contractor Identified as Cyber-Espionage Group APT3 - 95CN Security
  4. Pingback: Chinese Government Contractor Identified as Cyber-Espionage … – Silicon War
  5. Pingback: Researchers found a link between the APT3 Threat Group and the Chinese Intelligence AgencySecurity Affairs
  6. Pingback: Researchers found a link between the APT3 Threat Group and the Chinese Intelligence Agency | OSINT
  7. Pingback: Security firm was front for advanced Chinese hacking operation, Feds say
  8. Pingback: Security firm was front for advanced Chinese hacking operation, Feds say | Zahir News -
  9. Pingback: Security firm was front for advanced Chinese hacking operation, Feds say – Rassegna Stampa
  10. Pingback: Security firm was front for advanced Chinese hacking operation, Feds say | The Life Hack News
  11. Pingback: US indicts three Chinese nationals for alleged cyberattacks – Naked Security
  12. Pingback: US indicts three Chinese nationals for alleged cyberattacks – STE WILLIAMS
  13. Pingback: US indicts three Chinese nationals for alleged cyberattacks - Account Security Lockdown
  14. Pingback: Виртуальное господство: как китайские хакеры завоевывают мир через смартфоны | Технологии - ФОТОСМИ | Фотоновости - российское информацион
  15. Pingback: Meet ‘Intrusion Truth’, The Mysterious Group Doxing Chinese Intel Hackers – Fjoddes.Net
  16. Pingback: Meet Intrusion Truth, The Mysterious Group Doxing Chinese Intel Hackers – Blog | Threatshub.org
  17. Pingback: Хакеры: Россия и Китай – CHEPA website

Comments are closed.