Cybersecurity Incident Report First Step Technology LLC

APT1 | AKA Unit 61398 or Comment Crew

Cybersecurity Incident Report

Incident Name: APT1
Incident Discovery Date: [Date of discovery]
Cyber Incident Severity: High impact
Affected Systems: Various sectors
Response States: Under investigation
Vulnerability: High

APT1, also known as Unit 61398 or Comment Crew, is suspected to originate from China’s People’s Liberation Army (PLA) General Staff Department’s 3rd Department. The group systematically steals data from various sectors, demonstrating the capability to compromise dozens of organizations simultaneously. Their primary attack vector is spear phishing.

Understanding APT1: Cyber Threat from China

Dear Readers,

Today, we shed light on APT1, a notorious cyber threat group also known as Unit 61398 or Comment Crew. Suspected to originate from China’s People’s Liberation Army (PLA) General Staff Department’s 3rd Department, APT1 has been involved in extensive cyber espionage activities targeting organizations across various sectors.

Over the years, APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, demonstrating both the capability and intent to compromise multiple entities simultaneously. Their modus operandi typically involves spear phishing, wherein emails containing malicious attachments or links are tailored to appear relevant to the recipient.

APT1’s infrastructure suggests a large organization with potentially hundreds of human operators, emphasizing the scale of the threat posed by this group. Despite occasional use of publicly available backdoors, APT1 primarily relies on custom-built malware, making detection and attribution challenging.

As we confront the persistent threat posed by APT1, it is crucial for organizations to remain vigilant and implement robust cybersecurity measures to safeguard their sensitive data and networks against sophisticated cyber adversaries.

Stay informed, stay secure.

First Step Technology LLC Cybersecurity Team