Report Fingers Chinese Military Unit in US Hack Attacks
Attacks on U.S. infrastructure "likely government-sponsored," say researchers.
Feb. 19, 2013 -- A Virginia-based cyber security firm has released a new report alleging a specific Chinese military unit is likely behind one of the largest cyber espionage and attack campaigns aimed at American infrastructure and corporations.
In the report, released today by Mandiant, China's Unit 61398 is blamed for stealing "hundreds of terabytes of data from at least 141 organizations" since 2006, including 115 targets in the U.S. Twenty different industrial sectors were targeted in the attacks, Mandiant said, from energy and aerospace to transportation and financial institutions.
Mandiant believes it has tracked Unit 61398 to a 12-story office building in Shanghai that could employ hundreds of workers.
"Once [Unit 61398] has established access [to a target network], they periodically revisit the victim's network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations' leadership," the report says.
The New York Times, which first reported on the Mandiant paper Monday, said digital forensic evidence presented by Mandiant pointing to the 12-story Shanghai building as the likely source of the attacks has been confirmed by American intelligence officials. Mandiant was the firm that The Times said helped them investigate and eventually repel cyber attacks on their own systems in China last month.
The Chinese government has repeatedly denied involvement in cyber intrusions and Chinese Foreign Ministry spokesperson Hong Lei said today that the claims in the Mandiant report were unsupported, according to a report by The Associated Press.
"To make groundless accusations based on some rough material is neither responsible nor professional," he reportedly said.
Mandiant's report was released a week after President Obama said in his State of the Union address that America must "face the rapidly growing threat from cyber attack."
"We know hackers steal people's identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," he said.
Though Obama did not reference China or any country specifically, U.S. officials have previously accused the Asian nation of undertaking a widespread cyber espionage campaign.
Referring to alleged Chinese hacking in October 2011, House Intelligence Committee Chairman Rep. Mike Rogers (R-Mich.) said in an open committee meeting that he did not believe "that there is a precedent in history for such a massive and sustained intelligence effort by a government agency to blatantly steal commercial data and intellectual property."
Rogers said that cyber intrusions into American and other Western corporations by hackers working on behalf of Beijing -- allegedly including attacks on corporate giants like Google and Lockheed Martin -- amounted to "brazen and widespread theft."
"The Chinese have proven very, very good at hacking their way into very large American companies that spend a lot of money trying to protect themselves," cyber security expert and ABC News consultant Richard Clarke said in an interview last week.