Investigating APT1
• Presentation
In this presentation, the authors discuss utilizing the Internet Census 2012 data to understand how public sources tell a story about specific threat groups.
Publisher
Software Engineering Institute
Abstract
Overall Findings:
- Available unclassified data gives a snapshot in time of what APT1 was using.
- APT1 uses stable, well-connected infrastructure, mostly in the US.
- Operating systems: Windows 2003 or XP, Linux ~2.6.32.
- Mostly ISPs or hosting providers.
- The APT1 infrastructure may be evolving.
- Malware hashes indicate there is a much bigger network for APT1 than what was released.
Part of a Collection
FloCon 2014 Collection
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.