Chinese military behind hackings?

Victor Barreiro Jr.

American computer security firm Mandiant points to the possibility of a long-standing hacking group being a Chinese military unit

APT1 ACTIVITY. The activity of the most prolific Advanced Persistent Threat in cybersecurity. Screen shot from Mandiant report.

MANILA, Philippines – Mandiant, an American computer security firm, released a report and appendix outlining evidence that suggests a Chinese military unit is responsible for a sustained series of cyberattacks against various companies and institutions around the world.

The executive summary of the Mandiant report (full PDF here) said that details of an Advanced Persistent Threat (APT) analyzed through hundreds of investigations “convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”

According to the report's findings, APT1, the most prolific of the Advanced Persistent Threat groups, is located on Datong Road in Gaoqiaozhen, within Shanghai. The 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, otherwise known as Unit 61398, is also located there.

Mandiant’s research also found PLA’s Unit 61398 “is similar to APT1 in its mission, capabilities, and resources.”

APT1 WORLD DISTRIBUTION. The Global Distribution of Confirmed APT1 servers. Screen shot from Mandiant PDF report.

In its investigation of APT1, Mandiant raised two possibilities. The first is that Unit 61398 may be APT1.

The other possibility, the firm wrote, is that “A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission.”

This Advanced Persistent Threat report is separate from the hacking attempts made on news organizations like The New York Times and The Wall Street Journal, though The New York Times mentions this Mandiant report in a news piece (linked below).

APT1 CHINA SERVERS. The distribution of APT1 servers in China. Screen shot from Mandiant PDF report.

The New York Times article on the Mandiant report noted the importance of the firm’s report on US interests and security.

As the New York Times report explained, the escalating nature of the attacks over time “focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.”

Despite this, the American government is hesitant to link the two groups due to diplomatic issues.

US President Barack Obama has taken initial steps to protect the country, however, by alluding to this in his State of the Union address. As he said in his speech, “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

He also signed a Cybersecurity Executive Order to increase information sharing for national security purposes. – Rappler.com

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.