US firm points to China’s military in hacking attacks
China denies the allegation, dismisses the Mandiant report as “groundless.”
BEIJING — Cyberattacks that stole information from 141 targets in the US and other countries have been traced to a Chinese military unit in a drab office building in the outskirts of Shanghai, a US security firm has alleged. China dismissed the report as “groundless.”
The report by the Virginia-based Mandiant Corp. is the most explicit suggestion yet by a Western security company that China’s military might be directly linked to a wave of cyberspying against US and other foreign companies and government agencies.
Mandiant said it has traced the massive amount of hacking back to a 12-story office building run by “Unit 61398” of the People’s Liberation Army, and that the attacks targeted key industries including military contractors and companies that control energy grids.
The unit “has systematically stolen hundreds of terabytes of data from at least 141 organizations,” Mandiant wrote.
“From our observations, it is one of the most prolific cyberespionage groups in terms of the sheer quantity of information stolen,” the company said, adding that the unit has been in operation since at least 2006.
Chinese Foreign Ministry spokesman Hong Lei did not directly address the claims, but when questioned on the report, he said he doubted the evidence would withstand scrutiny.
“To make groundless accusations based on some rough material is neither responsible nor professional,” Hong told reporters at a regularly scheduled news conference.
In a reiteration of China’s standard response to such accusations, Hong said China strictly outlaws hacking and said the country itself was a major victim of such crimes, including attacks originating in the US.
“As of now, the cyberattacks and cybercrimes China has suffered are rising rapidly every year,” Hong said.
China has frequently been accused of hacking, but the Mandiant report contains some of the most extensive and detailed accusations made public so far. The group said its findings led it to alter the conclusion of its earlier 2010 report on Chinese hacking, in which it said it was not possible to determine the extent of government knowledge of such activities.
“The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them,” the company said in a summary of its latest report.
It said the hacking was traced to the 2nd Bureau of the People’s Liberation Army General Staff’s 3rd Department, most commonly known as unit 61398, in the Shanghai suburbs.
China’s Defence Ministry did not immediately respond to faxed questions about the report, although it has in the past labelled such allegations as groundless and irresponsible, and has demanded that evidence be presented.
News of the report spread Feb. 19 on the Chinese internet, with many commentators calling it an excuse for the US to impose greater restrictions to contain China’s growing technological prowess.