FYI...APTs more prolific
Aug 02, 2012 - "... cyberespionage malware and activity is far more prolific than imagined: (Joe Stewart - Dell Secureworks) has discovered some 200 different families of custom malware used to spy and steal intellectual property, with hundreds of attackers
in just two groups out of Shanghai and Beijing... Stewart also unearthed a private security firm located in Asia - not in China - that is waging a targeted attack against another country's military operations, as well as spying on U.S. and European companies and its own country's journalists. He declined to provide details on the firm or its country of origin, but confirmed it's based in a nation that's "friendly" with the U.S... Stewart plans to continue hunting down APT attackers... The full report is here*."
23 July 2012 - "... tracking numerous digital elements involved in cyber-espionage activity:
• More than 200 unique families of -custom- malware
used in cyber-espionage campaigns.
• More than 1,100 domain names registered by cyber-espionage actors
for use in hosting malware C2s or spearphishing.
• Nearly 20,000 subdomains of the 1,100 domains (plus a significant number of dynamic DNS domains) are used for malware C2 resolution
This quantity of elements rivals many large conventional cybercrime operations. However, unlike the largest cybercrime networks that can contain millions of infected computers in a single botnet, cyber-espionage encompasses tens of thousands of infected computers spread across hundreds of botnets
, each of which may only control a few to a few hundred computers at a time. Therefore, each time an "APT botnet
" is discovered, it tends to look like a fairly small-scale operation. But this illusion belies the fact that for every APT botnet that is discovered and publicized, hundreds more continue to lie undetected
on thousands of networks..."(More detail at the Secureworks URL above.)