The Chinese military was pinned as the likely origin of one of the largest cyber-attack and cyber-espionage campaigns against American interests, states a report released from security firm Mandiant on Tuesday.
Mandiant said one group, called Unit 61398, “has systematically stolen hundreds of terabytes from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.” These affected organizations encompass a diverse number of industries in the United States and instances of data theft started as early as 2006.
Unit 61398 was traced to four large Shanghai-based networks and is part of the Chinese People’s Liberation Army’s cyberware division. The group is just one of about two dozen groups with origins in China and is among the most prolific, the report states.
“These operators, like soldiers, may merely be following orders given to them by others,” Mandiant said.
In 2006, the hackers increased the scope and frequency of targeting American businesses and organizations.
Offering one example, Mandiant said the Unit was observed stealing some 6.5 terabytes of compressed data from just a single organization in ten months, without elaborating on the identity of the organization. But the Unit has been known to attack “dozens of organizations” at the same time, Mandiant said.
It appears that when the Unit gains access to a victim’s network, the hackers pick data from it “periodically” over a period of months or even years, said Mandiant. The Unit had access to one victim’s network for a period of more than 1,764 days, or nearly five years.
As a result, the hackers pilfer large amounts of intellectual property including test results, business plans, partnership agreements, emails, contact lists, technology blueprints, manufacturing processes, and pricing documents.
The report comes just weeks after both The New York Times and the Wall Street Journal acknowledged that Chinese hackers breached their systems. In October 2012, the White House also acknowledged that China-based hackers attacked its website, saying that an unclassified server was hit. And in late 2011, it was reported that largest U.S. lobbying group the Chamber of Commerce was breached by Chinese hackers, who were able to obtain all the data on the organization’s servers.
In the fall of 2011, The Epoch Times reported some of the first direct evidence of the People’s Liberation Army conducting cyber-attacks against U.S.-based targets. The evidence came in the form of B-roll footage in a Chinese military propaganda television show. The footage inadvertently showed custom-built software, apparently originating at a Chinese military university, launching a cyber-attack against the main website of the Falun Gong spiritual practice.
Mandiant said that for years, it was suspected that the Chinese regime was involved in cyber-attacks and the stealing of American intellectual property, but the concerns were never confirmed.
However, “The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese [regime] is aware of them,” the report states.
The New York Times reported that Unit 61398 is based in a shabby 12-story office building on the outskirts of Shanghai in a run-down area.
“Either [the attacks] are coming from inside Unit 61398,” Kevin Mandia, the head of Mandiant, told the Times, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
The hackers have increasingly turned their attention on hacking companies involved in U.S. critical infrastructure, including power grids, water lines, and gas lines.
The Chinese Foreign Ministry has repeatedly denied that the army carries out cyber-attacks.
A week ago, President Barack Obama referenced cyber-attacks in his State of the Union address.
“We know hackers steal people’s identities and infiltrate private email. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid,” Obama said. The president did not make reference to China or any other country, but U.S. agencies have previously said China is responsible for a number of cyber-attacks on American interests.
The Epoch Times publishes in 35 countries and in 21 languages. Subscribe to our e-newsletter.