The US-based security firm Mandiant has released a report detailing hacking it says was conducted by a cyber unit of the Chinese People’s Liberation Army (PLA). The report alleges that the group of hackers, dubbed Advanced Persistent Threat 1 (APT1), has been conducting cyber espionage “against a broad range of victims since at least 2006.”
This is one of the most prolific cyber espionage groups the Mandiant has encountered in terms of volume of data stolen. Mandiant analyzed over 140 APT1 intrusions over the course of seven years, spanning 20 industries and multiple nations. The cyber-security firm believes this represents “only a small fraction of the cyber espionage that APT1 has conducted.”
Mandiant’s report expresses a belief that APT1 receives “direct government support,” and that APT1 is in fact a cyber-operations unit of the PLA, named Unit 61938. The report cites Unit 61938’s similar “mission, capabilities, and resources” to that of APT1, and notes that the location of Unit 61938 corresponds with the exact area where many APT1 intrusions were traced.
The Chinese Defense Ministry responded strongly to the Mediant report, slamming the publication for lacking in “technical proof,” Reuters reported. The Ministry argued that as cyber attacks are often made from stolen or hijacked IP addresses, the use of IP locations as a method of proof is extremely weak. Cybercrime’s secretive nature makes accurate tracing inherently difficult, the Chinese statement added.
The Ministry said that a large number of hacking that occurs in China originates from the US, but that China did not see this as an invitation to “criticize” the US. It also stressed that “attacks” in the media serve to unnecessarily destroy an atmosphere for cooperation, USA Today reported.
While confident that the evidence supported claims that APT1 and Unit 61398 are one and the same, Mandiant does admit there is an alternative explanation: that a group of independent hackers has successfully operated with impunity over a number of years in one of the world’s most tightly controlled internet countries, and the Chinese government has been unaware. Mediant finds the scenario “unlikely.”
The difficulty in quantifying cyber attacks and accurately tracing the sources breeds skepticism on the size of the problem. State-sponsored cyber-warfare for political and economic reasons is an unquestioned reality, but there are differing opinions on which states represent the greatest threat in cyberspace. James Fallows argued in The Atlantic that China may not be the first, or even the second greatest state-level threat to cyber-security – those dubious honors were given to Russia and Israel, respectively. It is worth remembering that while China is a key focus for US security issues, it is not the only player in the battle for information in the internet age.