Chinese Army unit behind ‘prolific hacking’, US firm claims

In a report released on Tuesday, US security company Mandiant said Unit 61398, a division of the People's Liberation Army (PLA), has been responsible for hacking at least 141 victims worldwide over the last seven years.

According to the report, the unit is considered by China to be a "state secret", and is one of the "most prolific in terms of the sheer quantity of information it has stolen".

Through its observations, Mandiant said it traced the Unit 61398 back to a 12-storey building in the Pudong area of Shanghai, which is reportedly the headquarters of the PLA.

Mandiant said it found evidence of the unit – which it calls Advanced Persistent Threat group 1 (APT1) and is one of 20 APT groups currently operating in China – to four large networks in Shanghai.

The US security company said it uncovered a "substantial amount" of APT1's attack infrastructure, command and control and tools, tactics and procedures.

In the report, Mandiant said APT1 is possibly staffed by thousands of English-speaking personnel trained in computer security and computer network operations. APT1 was also the beneficiary of special fiber optic communication infrastructure provided by state-owned enterprise China Telecom in the name of national defence, the report said.

"Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world," Mandiant said in its report.

According to a report on the Wall Street Journal, Chiense Foeign Ministry spokesman Hong Lei denied Mandiant's accusations and questioned the report's credibility at a press briefing on Tuesday.

"It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively," said Dan McWhorter, managing director of Threat Intelligence at Mandiant, in a statement on Tuesday.

"Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns," McWhorter said. "We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches."

Mandiant is one of the UK government's certified cyber security incident response service providers.

Ed Reeves

Ed Reeves co-founded Moneypenny with his sister Rachel Clacher in 2000. The company handles more than 9 million calls a year for 7,000 UK businesses and employs almost 400 members of staff. Reeves remains...

Related Topics