Virginia-based cybersecurity firm Mandiant has now corroborated those claims in a 60-page report detailing connections between the Chinese military and numerous attacks in recent years. The report focuses on APT1, a name it has given to the most prominent “Advanced Persistent Threat” observed.
According to Mandiant, APT1 is likely a secretive group within the Chinese People’s Liberation Army known as Unit 61398—the primary mission of which seems to be cyber espionage. “Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” says the report. “In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.”
Mandiant observed APT1’s infringement on 150 targets over the course of seven years, during which time it traced the group’s origins back to four sizeable networks in Shanghai. APT1 has been seen taking hundreds of terabytes of data from its marks, attempting to compromise organizations primarily located in English-speaking countries, covering a wide spectrum of industries. In 97% of the cases studied, the hacking group used IP addresses registered in Shanghai and systems which were set for the Simplified Chinese language.
The firm says it believes “that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support,” adding that from Mandiant’s “observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.”
The report goes on to state that “APT1 has a well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property,” and that after establishing access to a company, the hackers periodically return to steal more information. Technology blueprints, proprietary manufacturing processes, business plans, and emails are only a sample of the data plundered.
China’s Ministry of Defense has responded, calling Mandiant’s report baseless. “The Chinese army has never supported any hackings,” it claimed, going on to state the firm’s “evidence is difficult, as hackers’ origins are transnational and anonymous.”
The Ministry was also quick to point out that China has been the target of hackers as well, most of whom it says originate from the US.
The White House would not comment directly on the report, but reiterated the President’s stance that cybersecurity is a national security issue. Press Secretary Carney said, “We have urged Congress to pass legislation, and the President is taking all steps he can through the executive branch to make sure that we’re safeguarding government networks.”