Dailydave mailing list archives

Re: Late Friday thoughts on the Kevin Mandia RSAC keynote.
From: Richard Bejtlich <taosecurity () gmail com>
Date: Mon, 24 Mar 2014 11:35:15 -0400

On Sun, Mar 23, 2014 at 11:24 AM, Moses Hernandez <moses () moses io> wrote:
> Quick Q: You referring to this particular statement (I paused it):
>
> Highlights - Technical
> - In over 97% of the 2,672 separate APT1 intrusions Mandiant observed (into 141 companies), APT1 used IP addresses registered in Shanghai.
>
> So that statement tells me that those are just the APT1 intrusions not all of the Mandiant referenced intrusions. APT1 itself is said to use IP addresses registered in Shanghai. Is that by itself clever misdirection? Maybe. Are there other 'APT' style groups that go undetected from various nations?

Moses is right. Dave misunderstood what Kevin said. Also, APT1 is only
one of two dozen or so Chinese groups Mandiant tracks. We also track
Russians, etc.
