APT1

OriginChina

Techniques (MITRE ATT&CK)23

SourceMITRE ATT&CK

Also known as:Comment CrewComment GroupComment Panda

Vexday analysis

APT1 é um grupo de ameaça persistente avançada de origem chinesa, atribuído ao 2º Bureau do 3º Departamento do Estado-Maior Geral do Exército de Libertação Popular (ELP), comumente identificado pelo designador de cobertura de unidade militar (MUCD) como Unidade 61398. Registrado no MITRE ATT&CK como G0006, o grupo é também conhecido pelos aliases Comment Crew, Comment Group e Comment Panda. Sua atividade está documentada em 23 técnicas no framework ATT&CK.

Techniques (MITRE ATT&CK) 23

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Domains Domains Email Accounts Malware Tool

Initial access

Spearphishing Attachment Spearphishing Link

Execution

Windows Command Shell

Credential access

LSASS Memory

Discovery

System Service Discovery System Network Configuration Discovery System Network Connections Discovery Process Discovery Local Account Network Share Discovery

Lateral movement

Remote Desktop Protocol Pass the Hash

Collection

Data from Local System Local Email Collection Remote Email Collection Automated Collection Archive via Utility

stealth

Match Legitimate Resource Name or Location

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

APT1 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →