NYT covers China cyberthreat

Scott Weeks surfer at mauigateway.com
Wed Feb 20 11:34:20 PST 2013

--- Valdis.Kletnieks at vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
> boys and girls, all the cyber-capable countries are cyber-culpable.  you
> can bet that they are all snooping and attacking each other, the united
> states no less than the rest.  news at eleven.

The scary part is that so many things got hacked by a bunch of people
who made the totally noob mistake of launching all their attacks from
the same place....

Maybe.  The report says the following, but it doesn't make clear 
(I'm only on page 31, so I don't know if they do later in the report) 
if this is a small botnet, or individuals manning the 937 C&C servers:

• APT1 controls thousands of systems in support of their computer 
intrusion activities.

• In the last two years we have observed APT1 establish a minimum of 
937 Command and Control (C2) servers hosted on 849 distinct IP addresses 
in 13 countries. The majority of these 849 unique IP addresses were
registered to organizations in China (709), followed by the U.S. (109).

• In the last three years we have observed APT1 use fully qualified 
domain names (FQDNs) resolving to 988 unique IP addresses.

• Over a two-year period (January 2011 to January 2013) we confirmed 
1,905 instances of APT1 actors logging into their attack infrastructure 
from 832 different IP addresses with Remote Desktop, a tool that provides 
a remote user with an interactive graphical interface to a system.

• In the last several years we have confirmed 2,551 FQDNs attributed to 

• We observed 767 separate instances in which APT1 intruders used the 
"HUC Packet Transmit Tool" or HTRAN to communicate between 614 distinct 
routable IP addresses and their victims' systems using their attack


----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
