Discussions around APT tend to focus on its impact to the manufacturing and defense contractors which comprise the U.S. Defense Industrial Base. HBGary currently monitors about 18 APT groups, and trends in our data suggest that APT is not just a U.S.-centric problem. Late last year HBGary discovered that at least one APT group we track is now attacking Military Industrial Complex targets in the U.K. and New Zealand whose profiles are similar to its U.S. targets. This APT group is one of the more prolific we track and has a long history of intrusions into U.S. defense contractors.
Until recently, this APT group has focused only on U.S. targets; all told, the group currently has more than 40 government and defense victims. They have brought online new command and control channels, allowing them to attack many new U.S. targets, as well as at least one government facility in the UK and a defense-related corporation operating in New Zealand. This may indicate an expansion in their mission objectives to include Defense Industrial Base targets within all of the “Five Eyes” nations (Australia, New Zealand, Canada, United Kingdom, and United States). As we see global companies acquire the interests of other global companies, this globalization of the APT threat will only accelerate.