Mandiant estimates that the group could have hundreds or thousands of operatives. The group uses a couple of trademark tools of its own for stealing emails, GETMAIL and MAPIGET. Mandiant also revealed details on three members of APT1, including one who writes malware for unit who appears to be a big Harry Potter fan. Another hacker who goes by “Ugly Gorilla” and has a penchant for signing his malware with his trademark hacker handle. The company today released more than 3,000 telltale indicators of APTs infections.”]
Source: https://www.darkreading.com/attacks-breaches/chinese-military-tied-to-major-cyberespionage-operation