Group: APT1, Comment Crew, ...
| Aliases | APT1, Comment Crew, Comment Group, Comment Panda |
APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. [1]
- Masquerading - The file name AcroRD32.exe, a legitimate process name for Adobe's Acrobat Reader, was used by APT1 as a name for malware. [3]
- Email Collection - APT1 uses two utilities, GETMAIL and MAPIGET, to steal email. GETMAIL extracts emails from archived Outlook .pst files, and MAPIGET steals email still on Exchange servers that has not yet been archived. [1]
- Data Compressed - APT1 has used RAR to compress files before moving them outside of the victim network. [1]