There’s a lot of concern around the world about hack attacks emanating from China, especially after the attempted hacks on the New York Times recently. The newspaper got an early preview of a new report from security company Mandiant that claims to have tracked down a group of Chinese hackers – and, even more shockingly, says it can link them to China’s military.
Mandiant says that, in a previous report a few years ago, it could not verify the source of the numerous hack attacks from China that seemed to be coming from ordinary citizens. But that’s changed:
Now, three years later, we have the evidence required to change our assessment. The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them. [...]
From our unique vantage point responding to victims, we tracked APT1 (Advanced Persistent Threats) back to four large networks in Shanghai [...] Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.
The security team and the NYT even pinpointed Unit 61398’s 12-storey building in Shanghai, from which Mandiant alleges many top-secret hacks on western targets are operated.
As spotted on TheNextWeb, the researchers have made a five-minute video showing some of the tactics and the workflow of these hackers.
Mandiant was the firm brought in by the NYT to investigate the paper’s own digital break-in, which saw hackers access the email inboxes of all its journalists, though the paper maintains that its database and articles were not accessed or tampered with.
The report says that the “soldiers” in Unit 61398 need to be proficient in English for their overseas-oriented attacks, and says that China Telecom installed “special fiber optic communications infrastructure for the unit in the name of national defense.”
As well as hack attacks, it says that “large-scale thefts of intellectual property” are also going on via these digital backdoors.
Chinese authorities insist that the nation suffers from these kinds of attacks too, and recently said that 10.5 million hacks originating from the US were detected in 2012.
The full Mandiant report is a 76-page PDF which can be found here.