China’s Cyberwarfare HQ Exposed

It looks just like any other office building located in suburban Shanghai, but the unassuming 12-storey white building pictured right has been identified as the possible nerve center of a global hacking operation conducted by a secret cyberwarfare unit in China’s military.

US security firm Mandiant says that it has collected extensive evidence detailing the existence of the group over the last three years, and that all the clues point to the innocuous white building in Shanghai’s Pudong district being the headquarters of China’s state-sponsored hacking operations.

Mandiant alleges that the building houses a secretive military unit known as the People’s Liberation Army Unit 61398.

As one of the top computer security firms in the US, Mandiant has carried out numerous investigations on behalf of multinational corporations that have fallen victim to professional hackers over the last three years. Using the evidence it has gained from those probes, the firm has carried out a series of reverse-engineering processes to identify IP addresses and decipher codes used by the hackers.

Now, the company has issued an unusually detailed 74-page report that lays the blame for numerous high profile hacks squarely at the feet of China’s military.

“The details we have analyzed during hundreds of investigations convince us that the groups conducting these (hacking) activities are based primarily in China and that the Chinese Government is aware of them,” states the report.

Building believed to house People’s Liberation Army Unit 61398

The existence of the report, titled Exposing one of China’s Cyber Espionage Units, was first revealed by the New York Times. In it, Mandiant has identified 20 distinct ‘hacking units’ that it believes are based in China, groups which it has labelled Advanced Persistent Threats (APTs). For the purposes of their report, Mandiant focuses on just one of these groups – APT1 – which is thought to be headquartered in the Shanghai building.

“From our unique vantage point responding to victims, we tracked APT1 back to four large networks in Shanghai, two of which are allocated directly to the Pudong New Area.”

“Either they are coming from inside Unit 61398 or the people who run the most-controlled, most-monitored internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood,” stated Mandiant founder Kevin Mandia.

Mandiant says that it identified the building after carrying out a detailed study of the area in Shanghai where it believes the cyberattacks have originated from.

Highly Sophisticated Attacks on a Massive Scale

People’s Liberation Army Unit 61398 is thought to consist of “hundreds, perhaps even thousands” of personnel, according to Mandiant. Furthermore, the evidence points to those groups inside China being responsible for attacks on at least 141 different companies over the last six years, with victims including businesses involved in financial services, information technology and aerospace, together with dozens of foreign government agencies. One of the most recent victims was the New York Times, which was given early access to Mandiant’s report. Other high profile victims are believed to include security firm RSA, Coca Cola and energy firm Schneider Electric.

As well as stealing commercial secrets, the hackers are also believed to have penetrated the defenses of several companies involved in the US’s critical infrastructure, meaning that they could potentially cause damage to water supplies and power grids in the country.

China: Accusations are “Groundless”

As expected, China has moved quickly to deny the accusations against it. Foreign Ministry spokesman Hong Lei responded to the report by saying that Mandiant’s claims are “groundless”, and doubting whether or not the firm’s evidence would stand up to scrutiny.

“To make groundless accusations based on some rough material is neither responsible nor professional,” insisted Hong Lei.

Mr. Lei’s comments follow a pattern of similar rebuttals from Chinese officials against accusations that the country is involved in high-level cyberwarfare against other nations. A spokesperson for China’s Foreign Ministry previously called claims that it was involved in the New York Times hack “totally irresponsible”.

China’s official line is that hacking is strictly outlawed in the country, and it insists that it too has fallen victim to many cybercrimes.

It’s highly unlikely that the evidence detailed in the report will be enough to identify specific individuals involved in the attacks, but Mandiant says that the exposure may at least “impede their progress” and cause China to scale down its cyber operations temporarily.

About Mike Wheatley

Mike loves to talk about Big Data, the Internet of Things, Hacktivists and hacking, but he also hates Google and can never resist having a quick dig at them should the opportunity arise :) Got a REAL news story or tip? Email Mike@SiliconANGLE.com.