--- Valdis.Kletnieks@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you can bet that they are all snooping and attacking each other, the united states no less than the rest. news at eleven.

The scary part is that so many things got hacked by a bunch of people who made the totally noob mistake of launching all their attacks from the same place....
------------------------------------------------

Maybe. The report says the following, but it doesn't make clear (I'm only on page 31, so I don't know if they do later in the report) if this is a small botnet, or individuals manning the 937 C&C servers:

»» APT1 controls thousands of systems in support of their computer intrusion activities.

»» In the last two years we have observed APT1 establish a minimum of 937 Command and Control (C2) servers hosted on 849 distinct IP addresses in 13 countries. The majority of these 849 unique IP addresses were registered to organizations in China (709), followed by the U.S. (109).

»» In the last three years we have observed APT1 use fully qualified domain names (FQDNs) resolving to 988 unique IP addresses.

»» Over a two-year period (January 2011 to January 2013) we confirmed 1,905 instances of APT1 actors logging into their attack infrastructure from 832 different IP addresses with Remote Desktop, a tool that provides a remote user with an interactive graphical interface to a system.

»» In the last several years we have confirmed 2,551 FQDNs attributed to APT1.

»» We observed 767 separate instances in which APT1 intruders used the “HUC Packet Transmit Tool” or HTRAN to communicate between 614 distinct routable IP addresses and their victims’ systems using their attack infrastructure.

scott