APT12 is a Chinese threat actor group with possible connections to the Chinese People’s Liberation Army. APT12 has successfully targeted various organizations in government, media, and high technology. They are also known as IXESHE, DynCalc, Numbered Panda, and DNSCALC. APT12 has more recently been targeting both Taiwan and Japan.
Early in 2013, APT12 was responsible for attacks on the New York Times. The attackers infiltrated the newspaper’s networks and computer systems and obtained and exfiltrated password data used by reporters and other employees. At the time, the attacks seemed to coincide with the New York Times investigation regarding the collection of billions of dollars by relatives of Wen Jiabao (then the Chinese prime minister). The APT12 attackers also broke into the email of New York Times bureau chief David Barboza, who wrote the reports on Wen’s relatives. Further, APT12 also targeted the New York Times South Asia bureau chief, who was previously the bureau chief in Beijing.
Ultimately the security team researching the attacks determined that APT12 had stolen the corporate passwords for every New York Times employee! This theft included employees both within and outside of the newsroom. Additionally, the hacking activity centered around finding information about the Wen family. Further, at this time, no data appeared to have been stolen.
Per the MITRE ATT&CK website, MITRE techniques used by APT12 include:
Techniques Used