Recent cyberattacks on dozens of U.S. firms have been traced back to a small, nondescript Chinese military unit quietly working in a similarly unimpressive setting — a dull office building just outside Shanghai.
The findings come by way of a new report from the Virginia-based Mandiant Corp., which claims its “research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world.”
The report comes at a time when the White House is pushing for more cuts to America’s military.
“The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one,” said Dan McWhorter, Mandiant’s managing director for threat intelligence, referring to a special unit of China’s People’s Liberation Army (PLA) that has carried out the cyberattacks.
“It is time to acknowledge the [cybersecurity] threat is originating from China,” Mr. McWhorter said. “The issue of attribution has always been a missing link in the public’s understanding of the landscape of cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss [hackers’] actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.”
Fox News says the “secret group” has hacked U.S. information at energy, aerospace, IT and telecommunications firms. Hackers obtained access to items such as blueprints and contact lists, Fox News reports.
China dismissed the report as “groundless,” according to a report from The Associated Press. But Mandiant traced 141 instances of cybersecurity breaches that targeted facilities in the U.S. and around the world back to this single small Chinese military office, AP reported.
The report said the hacking started in 2006 and rapidly increased, CBS reported.
To track Unit 61398, Mandiant employed a combination of forensic technical analysis of the malicious software and hardware used by the hackers, and circumstantial inference from open source information about the unit, also known as the 2nd Bureau of the People’s Liberation Army General Staff’s 3rd Department.
In a statement to The Associated Press, China’s Defense Ministry repeated Beijing’s standard denials of any involvement in hacking, saying Chinese law forbids any activities harming Internet security.
“The Chinese government has always firmly combated such activities and the Chinese military has never supported any form of hacking activity,” the ministry said. “Statements to the effect that the Chinese military takes part in Internet attacks are unprofessional and are not in accordance with the facts.”