US group implicates Chinese army in industrial hacking
China has vociferously denied claims by a US cyber security firm that a shadowy group attached to the People’s Liberation Army was behind a series of computer hacking attacks on industrial targets.
The company, Mandiant, identified the PLA’s Unit 61398, based in Shanghai’s financial hub Pudong, as the most likely driving force behind a particular Advanced Persistent Threat (APT) group, which it labelled APT1.
Mandiant said the APT1 Chinese hacker group had attempted to hack nearly 150 victims over the past seven years, and that hundreds of terabytes of data were involved.
“Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” Mandiant said in its report.
The sheer scale and duration of sustained attacks against such a wide set of industries, from a single identified group based in China, leaves little doubt about the organisation behind APT1, the company said. “We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support,” Mandiant said.
China has frequently been accused of hacking, and officials from the US and the EU have complained in the past to Beijing about sanctioned trade-secret theft. Beijing usually counters by saying it too is a victim of hacking and denies that it is involved in cyber warfare.
China’s foreign ministry said the government was firmly opposed to hacking, and said that it was sceptical about the evidence in the report.
“Hacking attacks are transnational and anonymous. Determining their origins is extremely difficult. We don’t know how the evidence in this so-called report can be tenable,” spokesman Hong Lei told a regular news briefing.
China’s defence ministry also denied the claims and called the accusations “unprofessional” and “groundless”, saying that China was a major victim of cyber warfare.
Mandiant located Unit 61398 in a 12-storey building in a residential area and said that, judging by the size of the building, it was staffed by hundreds, perhaps thousands, of people.
Unit 61398’s formal name is the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department.
Most victims were in the US, with smaller numbers in Canada and Britain. Once the hackers establish access, they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including blueprints, manufacturing processes, test results, business plans, pricing documents and partnership agreements, as well as emails and contact lists from the targeted organisation’s leadership.