A shadowy Chinese military unit has been named as the source of cyber-attacks on hundreds of organisations around the world, after a Virginia-based security company traced the “Advanced Persistent Threat” to a nondescript building in Shanghai.
The cyber-security company, Mandiant, said in a report that the source — which it labelled APT1 — was “believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398”.
While the nature of Unit 61398’s work was considered by China to be a state secret, Mandiant said it believed the unit engaged in harmful network operations from its site on Datong Road in Gaoqiaozhen, Pudong New Area of Shanghai.
APT1 had apparently “systematically stolen hundreds of terabytes of data from at least 141 organizations, and... demonstrated the capability and intent to steal from dozens of organizations simultaneously”, said Mandiant. The company mapped the wide range of victims of Unit 61398’s alleged cyber-attacks, including three organisations in India. Countries that faced attacks included Canada, France, the United Kingdom, Norway, Belgium, Luxembourg, Israel, Switzerland, South Africa, Singapore, Taiwan and Japan.
The report on the alleged cyber-attacks comes exactly a week after U.S. President Barack Obama’s State of the Union remarks on the need to bolster cyber-security.
Obama’s order
In his address last Tuesday, Mr. Obama said, “We know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.” “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” he added.
However, numerous organisations have criticised an executive order that the President passed last week to strengthen U.S. cyber defences. Some experts said Mr. Obama had yielded to pressure from Republicans and business lobbyists and agreed that the minimum security standards for companies to follow would be voluntary, not mandatory.
Well organised
While U.S. companies may be slow to gear up for the cyber-security challenge, the Mandiant report left little doubt that the alleged hackers were well-organised. Mandiant explained that Unit 61398’s central building was a 12-storey, 130,663-square-foot facility staffed by hundreds, perhaps thousands, and supplied by China Telecom with special fibre-optic communications infrastructure.
Government role
On the role of the Chinese government, Mandiant added that in a January 2010 report it had said: “The Chinese government may authorise this activity, but there’s no way to determine the extent of its involvement.” However, three years later the security firm said it had obtained evidence to change its assessment: “The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”