Earlier this year Mandiant published a report about a hacking group called APT1. Paul’s presentation focuses on his own in-depth analysis of this group, based on the information provided by Mandiant. Paul discovered numerous C&C (Command & Control) servers located in China running the same software that is highlighted in the Mandiant report. He managed to penetrate the infrastructure using vulnerabilities identified in the C&C server. Paul’s research provides a rare insight into activities and methodologies used by these attackers. This presentation will identify the infrastructure, tools, and malware used by the group to perform unscheduled backups of company data and intellectual property.