A U.S. cyber-security firm has publicly accused the Chinese military of carrying out a series of Internet-based attacks on American and foreign companies in a one of the most detailed reports to date alleging such activity is officially condoned in China.
Alexandria, Va.-based Mandiant said that it tracked a People’s Liberation Army organization, known as Unit 61398, that since 2006 launched online attacks against at least 141 companies and organizations.
Of those 141 targets, 115 were in the United States, according to Mendiant’s 74-page report. “The activity we have directly observed likely represents only a small fraction of the cyber espionage,” the report said.
“Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world,” the report said.
The accusations seem certain to further stoke tensions between Washington and Beijing in what has become on one side a mounting body of allegations and evidence that hacking is being condoned, if not directed, by Beijing and, on the other side, continued denials from China.
In a regularly scheduled press briefing on Tuesday, the Chinese Foreign Ministry again denied official Chinese involvement in online hacking activity and pointed out that China is itself regularly subjected to such attacks.
While not citing China specifically, President Barack Obama said in his State of the Union address on Feb. 12 that, “America must also face the rapidly growing threat from cyber-attacks.”
“Our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Obama said in the address. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
The report said Unit 61398 operates from the city of Shanghai. Within the Chinese military’s command structure, the unit is reportedly the second bureau of the general staff’s third department, with a focus including signals intelligence and cyber surveillance.
The industries targeted by Unit 61398, the report said, are consistent with those that China has identified as being strategically important to its growth. Mandiant did not name the companies affected, but said they were from a broad range of sectors including aerospace, energy, telecommunications and scientific research.
Among the types of information stolen, the report said, were system designs, manufacturing procedures, contract negotiation positions and business plans.
The Mandiant document, which was first reported by The New York Times, said with obvious derision that besides Unit 61398, there was only one other possible culprit: “A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates.”
Mandiant also issued a video showing what it said was screen footage of a member of the group setting up anonymous e-mail accounts that were used to send notes with attachments that, if opened, would give the hackers access to victims’ computers. The video also recorded a group member allegedly breaking into computer systems online and stealing files.