The Inquirer-Home

China’s army linked to cyber spying by security report

Group allegedly stole hundreds of terabytes of data from 141 companies
Tue Feb 19 2013, 15:18

THE CHINESE MILITARY has been linked to a large cyber security threat group in a report released today by security firm Mandiant.

Mandiant's report claimed that an advanced persistent threat group called APT1 is in fact a secretive branch of China's People's Liberation Army (PLA), codenamed Unit 61398.

"Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors," Mandiant said in its report.

"In seeking to identify the organisation behind this activity, our research found that PLA's Unit 61398 is similar to APT1 in its mission, capabilities, and resources."

Mandiant's report claimed that PLA Unit 61398 is also located in Shanghai's Pudong district, precisely the same area from which APT1 activity appears to originate.

"Though our visibility of APT1's activities is incomplete, we have analysed the group's intrusions against nearly 150 victims over seven years," Mandiant's report continued, adding that its investigation of APT1 is not finished.

"APT1 has systematically stolen hundreds of terabytes of data from at least 141 organisations, and has demonstrated the capability and intent to steal from dozens of organisations simultaneously."

China has claimed that the nature of the work of Unit 61398 is a state secret, but Mandiant said it engages in harmful computer network operations. APT1 is only one of 20 advanced cyber campaigns that the firm is tracking at the moment.

China's Foreign Ministry denied Mandiant's allegations today, and said that the nation is firmly opposed to hacking and has supported regulation to prevent cyber attacks. Speaking at a daily press briefing today, Chinese foreign ministry spokesman Hong Lei denied the accusations in Mandiant's report and said it is difficult to trace such attacks accurately.

We've contacted the US and Chinese embassies in London for comment regarding the report, but have not received any replies yet.

Since Mandiant issued its report, The New York Times - which claimed to be targeted by hacking attacks originating in China last month - has identified Unit 61398 as the Comment Crew, a team that the US believes is responsible for attacks on businesses connected to the country's critical infrastructure.

In January, The New York Times reported that it had been under attack by Chinese hackers for four months, beginning around the time it began an investigation into reports that relatives of China's prime minister Wen Jiabao had accumulated fortunes worth several billion dollars through corrupt business dealings. µ

 
