Investigating APT1

In this presentation, the authors discuss utilizing the Internet Census 2012 data to understand how public sources tell a story about specific threat groups.

Software Engineering Institute


Overall Findings:

  • Available unclassified data gives a snapshot in time of what APT1 was using.
  • APT1 uses stable, well-connected infrastructure, mostly in the US.
    • Windows 2003 or XP, Linux ~2.6.32
    • Mostly ISPs or hosting providers.
  • The APT1 infrastructure may be evolving.
  • Malware hashes indicate there is a much bigger network for APT1 than what was released.

Part of a Collection

FloCon 2014 Collection

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.