Chinese military linked to 'overwhelming' number of cyberattacks

A new security report alleges that the Chinese military has a hand in an "overwhelming" number of cyberattacks.
Written by Charlie Osborne, Contributing Writer

A U.S.-based security research firm says that a building associated with the Chinese military is the source of an "overwhelming" percentage of cyberattacks.

Hired by the New York Times, security firm Mandiant has released a 60-page report which alleges members of sophisticated hacking groups known as "Comment Crew" and "Shanghai Group" have been traced back to a 12-story building associated with the People's Liberation Army General Staff's 3rd Department, otherwise known as Unit 61398 in Shanghai.

The Virginia-based firm says within its latest report that although it cannot be determined if the hackers are present within the building, forensic investigations have managed to lead the security team to the unit's door. Either way, it seems likely, as founder of Mandiant Kevin Mandia told the publication:

"Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood."

Other security firms believe that hacking group "Comment Crew" is state-sponsored, and the latest U.S. National Intelligence Estimate has also suggested a number of these Chinese hacking groups have military or governmental backing due to the sophisticated nature of operations.

In addition, Mandiant's report -- and accompanying video below -- documents attacking sessions conducted by a China-based hacking group the firm calls the Advanced Persistent Threat group 1, or APT1. "Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors," the report states.

ATP1 allegedly maintains an "extensive infrastructure" of computer systems around the world, and has systematically stolen terabytes of data from at least 141 organizations. In addition, ATP1 focuses on attacking systems in English-speaking countries, and intruding IP addresses have been traced back to Shanghai in over 97 percent of cases. Mandiant says that the infrastructure of the group suggests there may be hundreds of human operators.

In summary, the firm said that "the details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them."

In response, China has dismissed the report as "groundless," according to the Associated Press. Chinese Foreign Ministry spokesman Hong Lei chose not to comment directly on the claims concerning the Chinese military unit, but questioned whether the evidence would hold weight against scrutiny.

At a news conference, Hong told reporters that "to make groundless accusations based on some rough material is neither responsible nor professional," and reiterated China's official stance on hacking as illegal. Hong also said that it wasn't just the United States which suffers due to the expansion of cybercrime, but that the country itself was also a continual target of hackers.

Editorial standards