But who are the members of APT-12? Bejtlich says it’s hard to say, but there are four communities from which they might hail: China’s uniformed military, contractors, members of a state militia, or possibly “patriotic hackers.” Patriotic hackers, as the name implies, are people who wage cyberwarfare in the name of a country. While the U.S. has patriotic hackers as well, those who work independently of the military, no matter their motivation, are prosecuted; in China, as long as they don’t attack the Chinese government, they’re treated like “rock stars,” Bejtlich says.

What’s impressive about APT-12 and other sophisticated hacking groups is not their ability to gain entry into systems, Bejtlich says, but their ability to get in without being detected. “The group that did this will [try to] stay stealthy. They were found not because they tripped up, but because extra vigilance was given.” On November 7, unable to rid their system of the attackers after a week and a half of trying, the Times hired Mandiant to block the attacks and monitor the hackers’ activity…

But he also applauded the tactic of going public in the wake of an attack—a relatively rare move for companies (speaking at the Kaspersky Lab Cyber Security Summit in New York this week, Eddie Schwartz, chief information security officer at RSA, an American computer and network security company, estimates that only 20 percent of cyberattacks are made public). “It’s a good strategy to come clean,” Bejtlich says. “The Times may [experience] additional attempts, but [publishing the report] serves as a deterrent.”