Mandiant Report Fingers Chinese Army Unit as Source of Widespread Hacking

A report (pdf) from the cybersecurity firm Mandiant accuses China of orchestrating cyberattacks attributed by the firm to APT1 (advanced persistent threat), which it says is responsible for attacks on more than 100 firms. From the report:

Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.

The report quotes a January 2013 response from China's defense ministry to accusations it was behind certain cyberattacks: "It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence." The Chinese foreign ministry responded to the report today with similar language. Via Slash Gear:

Chinese Foreign Ministry spokesman Hong Lei has stated that he doubted evidence collected would withstand scrutiny. Hong also said that making groundless accusations based on rough material is "neither responsible nor professional." Hong made these comments during a regularly scheduled news conference. China continues to maintain that it has also been the target of coordinated cyber attacks along with the United States and other countries.

Slate, meanwhile, points out that Mandiant is "a company in the right place at the right time":

[O]f course Mandiant's not just releasing this information for fun. Chinese hacking is big business for them. Brad Stone and Michael Riley reported earlier this month for Businessweek that Mandiant's 2012 revenue of over $100 million represented a 76 percent year-on-year increase. They say they represent 30 percent of the Fortune 100. Mandiant is so dominant in the China-focused counter-espionage game that the New York Times' reporting on the Mandiant report and other sources of information abotu Chinese hacking had to include an awkward disclaimer

The disclaimer referred to work Mandiant did in investigating the source of a cyberattack on the New York Times, which it concluded originated in China, likely in retaliation for covering corruption in the family of Chinese prime minister Wen Jiabao. A Pentagon report last summer called China "the world's most active and persistent perpetrators of economic espionage," largely through hacking. Google, meanwhile, began displaying warnings to users it believed were being targeted by state-sponsored hackers last summer.

Last week, President Obama signed an executive order for federal agencies to develop "voluntary standards" for cybersecurity in the private sector as well as to consider proposing new mandates for it.