The Chinese military hacking group outed Monday for hacking into 141 companies in 20 industries since 2006 has been in the international headlines before.
In August 2011, at the Black Hat cybersecurity conference in Las Vegas, to be precise.
That's when Dmitri Alperovitch, then a research vice president at McAfee, went public with details of the machinations of a hacking group then referred to as Shady RAT, a reference to "remote access tool," a technique the gang used to pilfer data from 70 organizations globally, including the United Nations and the International Olympic Committee.
Alperovitch is now co-founder and chief technology officer at CrowdStrike, a security start-up that's about to unveil its new "active defense" systems, designed to make it much more expensive for intruders to access corporate networks, in conjunction with the big RSA cybersecurity conference in San Francisco next week.
"It's exactly the same group," Alperovitch tells USA TODAY. "The group is still active. They did not shut down after our report, and I don't think they'll shut down after this report either."
The disclosure Monday from forensics firm Mandiant dubbed the group APT1, a reference to "advanced persistent threats," a set of tactics data thieves and cyberspies use to penetrate deep into corporate networks and stay hidden as long as possible.
Mandiant's report provides intricate details of daily activities of the ring, and ties its key operatives to China's People's Liberation Army. The disclosure includes a video of the criminals at work; Mandiant officials say they are bracing for reprisals from China.
"The connection to the PLA was new," says Alperovitch. "They did a good job of identifying that."