China military branch behind ‘prolific hacking. – U.S. report

PanARMENIAN.Net - A secretive branch of China's military is most likely one of the world's "most prolific cyber espionage groups", a U.S. cyber security firm has said, according to BBC News.

Mandiant said Unit 61398 was believed to have "systematically stolen hundreds of terabytes of data" from at least 141 organizations around the world. It traced the attacks to the doorstep of a non-descript building in Shanghai used by the unit.

China denied hacking and questioned the validity of Mandiant's report.

"Hacking attacks are transnational and anonymous," said foreign ministry spokesman Hong Lei. "Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable. Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue."

Mr Hong added that Beijing "firmly opposes hacking", has taken steps to prevent it and is also a victim of cyber attacks.

In its unusually detailed report, U.S.-based computer security company Mandiant said it had investigated hundreds of data breaches since 2004, most of which it attributed to what it termed "Advanced Persistent Threat" actors.

The details it had uncovered, it said, "convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them".

The most prolific of these actors is APT1, which Mandiant says it "a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006".

"From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen," it said, adding that it was "likely government-sponsored and one of the most persistent of China's cyber threat actors".

"We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support," said Mandiant.

The firm said it had traced the hacking activities of APT1 to the site of 12-storey building in the Pudong area of Shanghai. It said that Unit 61398 of the People's Liberation Army "is also located in precisely the same area" and that the actors had similar "missions, capabilities and resources".

Among the findings about APT1 in the report were that it: is staffed by hundreds, possibly thousands, of proficient English speakers with advanced computer security and networking skills; has hacked into 141 companies across 20 industries, 87% based in English-speaking countries, and is able to steal from dozens of networks simultaneously; has stolen hundreds of terabytes of information including blueprints, business plans, pricing documents, user credentials, emails and contact lists; stayed inside hacked networks for an average of 356 days, with the longest lasting 1,764 days; targeted industries identified by China as strategically important under its Five Year Plan for economic growth.