Chinese military unit identified as source of major hacks

Security company Mandiant says it’s found clear evidence that a Chinese military unit is behind hacking attacks on more than 140 organizations over the last seven years.

This is by no means the first time that China’s been blamed for such cyberattacks. But Mandiant’s report goes into far more detail than ever before.

It’s fingered the People’s Liberation Army’s (PLA) Unit 61398, based in a suburb of Shanghai, as the group known as Advanced Persistent Threat (APT) 1. This previously unidentified group is said to have stolen hundreds of terabytes of data from organizations in the US, Canada and the UK, including energy firms and military contractors.

Dan McWhorter, managing director of Mandiant Threat Intelligence, says the comapny regards it as one of the most prolific threat groups in the world in terms of the sheer quantity of information it has stolen.

“The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one.  What started as a ‘what if’ discussion about our traditional non-disclosure policy quickly turned into the realization that the positive impact resulting from our decision to expose APT1 outweighed the risk of losing much of our ability to collect intelligence on this particular APT group,” he says.

“It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively.  The issue of attribution has always been a missing link in the public’s understanding of the landscape of APT cyber espionage.”

According to Mandiant, there are hundreds – possibly thousands – of hackers at work within the group, stealing data from dozens or organizations at the same time. The stolen data, it says, includes blueprints, business plans, pricing documents, user credentials, emails and contact lists.

China has responded with a denial – and claimed it is itself the victim of hacking attacks from the US. Foreign Ministry spokesman Hong Lei told  AP: “To make groundless accusations based on some rough material is neither responsible nor professional”.