Following the report issued by security firm Mandiant on APT1, the massive cyber espionage campaign allegedly launched by the Chinese military, Symantec has come forward to provide some clarifications, but also to reassure customers that they’re protected against the threat.
The company has released a Q&A in which it details the Comment Crew, the hacker group that’s believed to be behind APT1.
Symantec reports that the spear-phishing emails sent by the cybercriminals usually contain attachments with names such as these:
- Chinese Oil Executive Learning From Experience.doc
- My Eight-year In Bank Of America.pdf
The industries targeted by the Comment Crew are IT, finance, energy, aerospace, manufacturing, media, telecoms, transportation and public services. The most targeted countries appear to be the US and India, but pieces of malware used by the Comment Crew have also been spotted in Russia and other locations.
Additional details about APT1 and information on what threats are blocked by Symantec products are available here.