APT 12 returns with new tools
by Nikola Strahija on August 8th, 2013
A Chinese hacker group, known for its work on The New York Times website, returns with new tools after months of inactivity. Believed to be linked with the People's Republic of China, APT 12 is probably the most famous hacker group out there.
Back in September 2012, Advanced Persistent Threat #12 (or APT 12) hacked into the computer network of The New York Times, according to a report.
At that time, NYT reporters were working on a story about the multi-billion dollar secret fortune accumulated by relatives of China's Prime Minister, Wen Jiabao. Experts from Mandiant, a computer security firm contracted to investigate the incident, weren't clear on how the initial breach happened, but they believe phishing attacks were used.
After a period of silence, it seems APT 12 is back. "We observed new activity from this group in early May 2013," said Ned Moran, senior researcher at FireEye. "We are almost certain that these new attacks were conducted by the same group."
The Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe malware families, associated with the group, were updated with new network code so that their traffic patterns differ from those of older versions and are harder to detect. The previous Ixeshe update was made in December 2011, while work on Aumlib was done back in May 2011.