China army behind cyber attacks: report

U.S. firm says organisations across the globe, including in India, targeted

February 19, 2013 11:04 pm | Updated December 04, 2021 11:39 pm IST - Washington:

A shadowy Chinese military unit has been named as the source of cyber-attacks on hundreds of organisations around the world, after a Virginia-based security company traced the “Advanced Persistent Threat” to a nondescript building in Shanghai.

The cyber-security company, Mandiant, said in a report that the source — which it labelled APT1 — was “believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398”.

While the nature of Unit 61398’s work was considered by China to be a state secret, Mandiant said it believed the unit engaged in harmful network operations from its site on Datong Road in Gaoqiaozhen, Pudong New Area of Shanghai.

APT1 had apparently “systematically stolen hundreds of terabytes of data from at least 141 organizations, and... demonstrated the capability and intent to steal from dozens of organizations simultaneously”, said Mandiant. The company mapped the wide range of victims of Unit 61398’s alleged cyber-attacks, including three organisations in India. Countries that faced attacks included Canada, France, the United Kingdom, Norway, Belgium, Luxembourg, Israel, Switzerland, South Africa, Singapore, Taiwan and Japan.

The report on the alleged cyber-attacks comes exactly a week after U.S. President Barack Obama’s State of the Union remarks on the need to bolster cyber-security.

Obama’s order

In his address last Tuesday, Mr. Obama said, “We know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.” “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” he added.

However, numerous organisations have criticised an executive order that the President passed last week to strengthen U.S. cyber defences. Some experts said Mr. Obama had yielded to pressure from Republicans and business lobbyists and agreed that the minimum security standards for companies to follow would be voluntary, not mandatory.

Well organised

While U.S. companies may be slow to gear up for the cyber-security challenge, the Mandiant report left little doubt that the alleged hackers were well-organised. Mandiant explained that Unit 61398’s central building was a 12-storey, 130,663-square-foot facility staffed by hundreds, perhaps thousands, and supplied by China Telecom with special fibre-optic communications infrastructure.

Government role

On the role of the Chinese government, Mandiant added that in a January 2010 report it had said: “The Chinese government may authorise this activity, but there’s no way to determine the extent of its involvement.” However, three years later the security firm said it had obtained evidence to change its assessment and “The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”
