Mandiant Ties Cyber Attacks to Chinese Military

Security firm Mandiant yesterday released a report, "APT1: Exposing One of China's Cyber Espionage Units" [PDF file], which details extensive research linking a group of hackers to a department within China's military.

"The group, known as the Comment Crew and APT1, operates out of a 12-story office tower in the Pudong New Area of Shanghai, and is said to be part of Unit 61398, a unit of the People’s Liberation Army that has a staff of hundreds and perhaps thousands of hackers who have systematically stolen valuable data from U.S. firms since at least 2006 using the resources of state-owned enterprises, such as China Telecom, to conduct the attacks, according to Mandiant," writes Wired's Kim Zetter.

"In this three-year investigation, Mandiant documented Unit 61398 hacking into 141 companies (including 115 in the U.S.) across 20 industries, and stealing many terabytes of compressed data in sustained attacks averaging 356 days," write The Daily Beast's John Avlon and Sam Schlinkert. "The longest persistent attack documented by Mandiant lasted 4 years and 10 months. The largest recorded theft was 6.5 terabytes from a single company over 10 months."

"Other security firms that have tracked Comment Crew say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content," write The New York Times' David E. Sanger, David Barboza and Nicole Perlroth.

"China’s Foreign Ministry said on Tuesday the nation is firmly opposed to hacking, and has supported regulation to prevent cyberattacks. ... The country has also been the victim of hacking, with the number one origins for those attacks coming from the U.S., said ministry spokesman Hong Lei during a press conference," writes PCWorld's John Ribeiro. "'Cyber attacks are transnational and anonymous. It's very hard to trace the origins of the attacks. I don’t know how this evidence in the relevant report is tenable,' he added."