Researchers have begun mapping malware samples used by Chinese hacking group APT1 to known malware lists.
The malware was revealed in a detailed Mandiant report (pdf) into the alleged state-sponsored hacking group which linked a string of attacks to an office block on the outskirts of Shanghai.
The hackers allegedly hit organisations including SCADA software outfits Telvent and Digital Bond, and security firm Alient Vault which had links to sensitive information on the US' defensive preparedness against hacking, according to the report.
Most of the more than 1000 malware samples found by Mandiant appeared to be custom and unknown to outsiders.
So far 281 malware samples have been matched to known malware repositories and are being distributed via BitTorrent by VirusShare.
Researcher Wesley McGrew has posted a series of matching malware strings found in the Mandiant report to VirusShare's list, although errors in this analysis may exist.
McGrew said he would analyse the malware further before posting a detailed analysis.
Websense wrote that it found more than 2000 unique cases of APT1 attacks since 2011 against all industry segments. It also noted that traffic from US manufacturing organisations to Chinese websites is 20 times as likely to be due to malware than legitimate traffic.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
