China’s army may be behind a computer hacking group that has attacked at least 141 companies worldwide since 2006, according to a report by a U.S. security firm.
The attacks, mainly directed at U.S. companies, were carried out by a group that is “likely government sponsored” and is similar “in its mission, capabilities, and resources” to a unit of the People’s Liberation Army, Mandiant Corp. said in a report today.
Mandiant said it traced the group, labeled Advanced Persistent Threat 1, to four large computer networks in Shanghai. Two of the networks serve the Pudong New Area district, where a secret army unit called 61398 is based, the report said.
“It is time to acknowledge the threat is originating in China,” Alexandria, Virginia-based Mandiant said. “Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world.”
A recently prepared U.S. secret intelligence assessment, described Feb. 11 in the Washington Post, said the country’s economy is endangered by a massive and prolonged computer-espionage campaign from China. The New York Times also last month said its computer systems were breached by Chinese hackers, a claim China has denied.
China’s Foreign Ministry said today the country opposes computer hacking and that it is a victim of attacks. The U.S. is the biggest attacker of China’s Internet, said Hong Lei, a spokesman for the ministry. Making “unfounded accusations” is not conducive to resolving the issue, Hong said when asked about the report at a regular briefing today.
“It’s inaccurate and unprofessional to accuse the Chinese military of Internet attacks,” the Ministry of Defense said by fax today in response to a Bloomberg News request for comment on the Mandiant report. “China’s military has never supported hacking and the country has always cracked down on relevant criminals.”
A spokesman for President Barack Obama’s National Security Council said the U.S. has “substantial and growing concerns” about cyber threats, and the administration is aware of the Mandiant Technologies report and its contents.
“We have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials, including in the military, and we will continue to do so,” the spokesman, Tommy Vietor, said in an e-mail.
Vietor didn’t draw a specific link between China and hacking attacks. “The U.S. and China are among the world’s largest cyber actors and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace,” he said.
Obama issued an executive order Feb. 12 directing the government to develop voluntary cyber-security standards for companies operating the nation’s vital infrastructure, such as power grids and air traffic control systems.
Bloomberg News reported in November that hackers from China broke into computer systems at Coca-Cola Co. in 2009 and reported in July that Chinese hackers targeted 20 organizations, including the European Union Council, while being monitored by security researchers in 2011.
Bloomberg’s Dune Lawrence, while reporting on Chinese online espionage this month, also suffered a hacker attack that Google Inc. said may have been state-sponsored.
APT1 has attacked companies in 20 major industries, and 87 percent of the targets are based in countries where English is the first language, according to the Mandiant report. Targets were based in countries including the U.S., Canada, the U.K., India and Singapore. Mandiant’s research was reported earlier by the New York Times.