That label once referred to unknown cyberhackers invading a corporate network, creating digital backdoors, and spending months or years sending intellectual property data – like oil bid data and pharmaceutical formulas – back through the Internet to points unknown. But now the "A.P.T." is seen in the cybersecurity industry as a mere shorthand for "getting hacked by the Chinese."
"We have data that to me makes it definitely clear that there's a pattern here – hacks on industry, activists, government – and journalists around the world," says Joe Stewart, a cybersecurity expert with Dell Secureworks who has tracked cyberespionage attacks, including a number against news organizations, back to Internet addresses in China.
In late 2011 and early 2012, he says, cyberintruders whose digital signatures he tracked back to China invaded newspapers in Vietnam and Japan. In those cases, he said, he attempted to contact the news organizations to let them know – successfully in the case of the Japanese newspaper.
In August 2011, the Associated Press was reported to be among 72 companies and government agencies targeted in a broad-based global cyberespionage campaign identified by McAfee, the cybersecurity company. McAfee, which dubbed the China-based campaign "ShadyRAT," did not identify the AP by name in its report.
AP spokesman Jack Stokes said the company was aware of the reports.
"We do not comment on network security," he told the Washington Post at the time.
Ronald Deibert, director of the Citizen Lab at the Munk Centre for International Studies at the University of Toronto, says current revelations about media organizations targeted by the Chinese fit into a much larger picture that his group just scratched the surface of in 2009, when they looked into an espionage campaign dubbed “GhOstNet.”