Mandiant Report Fingers Chinese Army Unit as Source of Widespread Hacking

A report (pdf) from the cybersecurity firm Mandiant accuses China of orchestrating cyberattacks that the firm attributes to APT1 (advanced persistent threat), a group it says is responsible for attacks on more than 100 firms. From the report:

Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.

The report quotes a January 2013 response from China’s defense ministry to accusations it was behind certain cyberattacks: “It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.” The Chinese foreign ministry responded to the report today with similar language. Via Slash Gear:

Chinese Foreign Ministry spokesman Hong Lei has stated that he doubted evidence collected would withstand scrutiny. Hong also said that making groundless accusations based on rough material is “neither responsible nor professional.” Hong made these comments during a regularly scheduled news conference. China continues to maintain that it has also been the target of coordinated cyber attacks along with the United States and other countries.

Slate, meanwhile, points out that Mandiant is “a company in the right place at the right time”:

[O]f course Mandiant's not just releasing this information for fun. Chinese hacking is big business for them. Brad Stone and Michael Riley reported earlier this month for Businessweek that Mandiant's 2012 revenue of over $100 million represented a 76 percent year-on-year increase. They say they represent 30 percent of the Fortune 100. Mandiant is so dominant in the China-focused counter-espionage game that the New York Times' reporting on the Mandiant report and other sources of information about Chinese hacking had to include an awkward disclaimer

The disclaimer referred to work Mandiant did in investigating the source of a cyberattack on the New York Times, which it concluded originated in China, likely in retaliation for covering corruption in the family of Chinese prime minister Wen Jiabao. A Pentagon report last summer called China “the world's most active and persistent perpetrators of economic espionage,” largely through hacking. Google, meanwhile, began displaying warnings to users it believed were being targeted by state-sponsored hackers last summer.

Last week, President Obama signed an executive order for federal agencies to develop “voluntary standards” for cybersecurity in the private sector as well as to consider proposing new mandates for it.


  • db||

    Dr. Girlfriend (who is in network security) just sent this report to me. Looks like the first major published evidence of Chinese government involvement in the Advanced Persistent Threat, and that it is likely tied to the Chinese military.

  • Cytotoxic||

    So is Reason gonna stop pretending that cyberattacks 'n hacks are a triviality? Because it's clear they're not.

  • ||

    What exactly is the threat here? I didn't RTFPDF, but is there evidence of Classified Pentagon information being obtained? Because I don't give a fuck if Joe's Burger Shack was hacked.

  • Another David||

    Infrastructure. An attacker with access to the computer systems that control a power station or water utility can cause that system to stop working.

  • tarran||

    Which is why you don't put mission critical stuff on a LAN connected with the Internet!

    It's not hard! It's inconvenient, but not hard.

  • Hugh Akston||

    I think Reason has been covering unauthorized computer access by US law enforcement agencies as a very serious matter for years.

  • Rich||

  • LTC(ret) John||

    Beat me to it - send in the dronez?

  • db||

    Hellfire armed
    Target locked on
    Ali's wedding there on the ground
    Death in the air
    Send in the drones

  • CampingInYourPark||

    "Last week, President Obama signed an executive order for federal agencies to develop 'voluntary standards' for cybersecurity in the private sector as well as to consider proposing new mandates for it."

    The internet is clearly broken and needs some common-sense measures taken to fix it.

  • CampingInYourPark||

    P.S.: That business data on your network, you didn't make that!

  • db||

    Well, if you travel to China, there's a good chance you don't own that data anymore.

  • ||

    Oh boy oh boy, do we have casus belli? We can war our way out of the recession! How grand!

  • db||

    Yeah, instead of sending our American money over to China in exchange for goods, let's buy ordnance in the U.S. and then ship the ordnance to China via the most expeditious route! What could go wrong?

  • ||

    Economy. Stimulated. Bitches.

  • db||

    We'll just have to be extra careful not to break any windows in China. Don't want to inadvertently stimulate the enemy's economy. That could be treason!

  • LTC(ret) John||

    Just use EMP munitions! Network down, US can sell them replacement infrastructure and O! can brag how he had it all bugged and set with backdoor access and such, not only coming across as an economic savior, but a defense badass.

  • Sudden||

    If it results in thinning about half of the herd that is my generation, it may be a net positive.

  • db||

    Wait, so you're a Progressive now?

  • db||

    Intended for Sudden.

  • sarcasmic||

    The crucial thing that is missing here is how many of these attacks are successful and against whom.

  • Lincoln||

    Is this another "Weapons of Mass Destruction"? Maybe we should find out why Mandiant was looking and what their methodology was before being hand fed like dogs.

  • db||

    Read the report. Mandiant is an independent organization that contracts to investigate computer security incidents with many clients. They used data gathered on actual network intrusions and cyberattacks to formulate their conclusions.

