APT stands for Advanced Persistent Threat, a term that computer security experts and government officials use to describe a targeted attack and that many say has become synonymous with attacks perpetrated by China. AT&T and the FBI have been tracking the same group, which they have also traced to China, but they use their own internal designations.
Mandiant said the group had been "very active" and had broken into hundreds of other Western organisations, including several American military contractors.
To get rid of the hackers, The Times blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems.
For now, that appears to have worked, but investigators and Times executives say they fully anticipate renewed efforts by hackers.
"This is not the end of the story," said Bejtlich of Mandiant. "Once they take a liking to a victim, they tend to come back. It's not like a digital crime case where the intruders steal stuff and then they're gone. This requires an internal vigilance model."
The New York Times