Tuesday, February 19 14:39:20
A unit of the People's Liberation Army (PLA) based in Shanghai is responsible for sustained and prolific hacking, malware and theft of intellectual property from Western Governments and industry, according to a major report from Mandiant today.
It identifies PLA Unit 61398, based in a 12-storey building in the industrial heart of Shanghai, as the centre of a Chinese state-backed conspiracy to plunder information from the computer systems of a wide range of industries as well as the US Government.
The report shows that the US cyber security firm identified a number of sites it terms Advanced Persistent Threats (APTs), with PLA Unit 61398 designated APT1.
"The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organisation behind APT1 (the unit identified as the most . We believe the totality of the evidence we provide in this document bolsters the claim that APT1 is Unit 61398. However, we admit there is one other unlikely possibility," it said.
"A secret, resourced organisation full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398's gates, performing tasks similar to Unit 61398's known mission."
"The nature of Unit 61398's work is considered by China to be a state secret; however, we believe it engages in harmful computer network operations," Mandiant said. "It is time to acknowledge the threat that is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively."
China has dismissed the allegations as "groundless", saying it strictly outlaws the practice and adding that it has also been a victim of such crimes.
Unit 61398 is based in the Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, the report said.
It said the unit had "stolen hundreds of terabytes of data from at least 141 organisations across a diverse set of industries beginning as early as 2006". Most of the victims were located in the US, with smaller numbers in Canada and Britain. The information stolen included details on mergers and acquisitions and the emails of senior employees, the report said.
Mandiant last December announced that it is setting up a new European headquarters in Dublin, taking on 100 high-tech staff.