Nation-State Actor
APT1 (Comment Crew)
China • Active since 2006
APT1 is a Chinese military cyber-espionage unit that was publicly exposed in 2013. It stole secrets from over 140 US companies, including product designs and business plans, and operated from a building in Shanghai.
Overview
APT1 was one of the first Chinese APT groups publicly exposed, linked to PLA Unit 61398. They conducted massive intellectual property theft from US companies across multiple industries, stealing hundreds of terabytes of data.
Also Known As
Comment Crew, Comment Panda, Byzantine Candor, Unit 61398
Target Industries
Aerospace, Energy, Technology, Finance, Telecommunications
Target Regions
United States, United Kingdom, Canada
Tactics, Techniques & Procedures
- Spear-phishing
- Command and control via HTTP comments
- Credential theft
- Large-scale data exfiltration
- Long-term persistence
Known Tools & Malware
WEBC2, AURIGA, BANGAT, CALENDAR, COMBOS
Notable Campaigns
Operation Shady RAT (2006-2011)
Long-running campaign targeting 70+ organizations across industries.
US Infrastructure Targeting (2011-2013)
Targeted US critical infrastructure and defense contractors.
MITRE ATT&CK Techniques
T1566.001, T1071.001, T1003, T1041, T1078
Defense Recommendations
1. Review historic APT1 indicators in logs
2. Implement modern email security controls
3. Deploy data loss prevention