New report says cyberspying group linked to China's army
Mandiant said in a report that the group was a People's Liberation Army unit under cover
IDG News Service -
A new report traces a large cybersecurity threat group to China's People's Liberation Army, specifically a unit that goes under the cover name "Unit 61398."
Security company Mandiant said in a report released Tuesday that an Advanced Persistent Threat group it called APT1 was one of the most persistent of China's cyberthreat actors because of its likely government support.
"In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources," Mandiant said in its report. "PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."
Unit 61398 is said to be located in a 130,663 square-foot building on Datong Road in Gaoqiaozhen, in the Pudong New Area of Shanghai.
The nature of the work of "Unit 61398" is considered by China to be a state secret, but Mandiant said it believes it engages in harmful computer network operations.
The group has a sinister track record, according to Mandiant. Since 2006, Mandiant has observed APT1 compromise 141 companies spanning 20 major industries. Eighty-seven percent of the target companies are headquartered in countries where English is the native language, and are in industries that China has identified as strategic.
APT1 uses tools that the security company finds have not been used by other groups, including two tools for stealing emails called GETMAIL and MAPIGET. Once the group has established access, it periodically revisits the victim's network over several months or years to steal a variety of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from the leadership of the victim organizations, Mandiant said.
China's Foreign Ministry said on Tuesday the nation is firmly opposed to hacking, and has supported regulation to prevent cyberattacks. The government has previously denied accusations that Chinese hackers attacked major newspapers.
The country has also been the victim of hacking, with the number one origins for those attacks coming from the U.S., said ministry spokesman Hong Lei during a press conference.
"Cyber attacks are transnational and anonymous. Its very hard to trace the origins of the attacks. I don't know how this evidence in the relevant report is tenable," he added.
(Michael Kan of the IDG News Service Beijing bureau contributed to this report.)
- The NSA blame game: Singling out RSA diverts attention from others
- Jury still out on FISA court
- Suspected China-based hackers 'Comment Crew' rises again
- Chinese hackers master the art of lying in wait
- Spy court OK'd all U.S. wiretap requests it received in 2012
- Groups denounce FBI plan to require Internet backdoors for wiretaps
- South Korea cyberattacks hold lessons for U.S.
- U.S. military networks not prepared for cyberthreats, report warns
- Return of CISPA: Cybersecurity boon or privacy threat?
- New report says cyberspying group linked to China's army
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cyberwarfare White Papers | Webcasts