Security researchers have long pointed to China as the source of the bulk of cyberespionage activity against U.S. companies. But the Mandiant APT1 report, which came out in March, provided a definitive link to the Chinese government. The group was responsible for targeting hundreds of companies, remaining on systems for up to a year or longer before being detected.
The report preceded the discovery of a bevy of new targeted attacks designed to steal intellectual property from a variety of companies. The advanced persistent threats targeted businesses large and small, government agencies, defense contractors and manufacturers.
While custom malware, zero-day attacks and new watering hole techniques have been documented, nation-state attackers use fairly common techniques to gain a foothold in an organization. Mandiant found the group targeting configuration weaknesses and common vulnerabilities in browsers and browser components, and carrying out phishing attacks against employees.