APT1: technical backstage

Published on 2013-04-08 14:00:00.

In February 2013, the company Mandiant published a report about an Advanced Persistent Threat (APT) called APT1. The report can be freely downloaded here.

Inspired by this article, we decided to perform our own technical analysis of this case. In the report, Mandiant explains that the attackers were using a well-known Remote Administration Tool (RAT) called Poison Ivy and that they were located in China. We based our investigation on those two facts only. Our report can be downloaded here.