An American cybersecurity firm has linked what it calls one of the most prolific groups of computer hackers in the world to the Chinese military, saying in a report Tuesday that a computer espionage campaign is being conducted from a government location on the outskirts of Shanghai.
Investigators at Mandiant, based in Alexandria, Va., outlined the allegations in a 60-page study describing the group’s tactics over a seven-year period.
The document, first reported by The New York Times, draws on data the firm traced back to a group of hackers it has identified as a military unit in the People’s Liberation Army, going by the designation “Unit 61398.”
Mandiant said it has observed the group — known to many of its victims as the “Comment Crew” — repeatedly steal hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006. One terabyte is equal to 1,000 gigabytes.
Organizations in English-speaking countries are reportedly the primary victims, with 115 attacks having targeted organizations in the United States.
“The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organization behind [the group],” the firm said. “We believe the totality of the evidence we provide in this document bolsters the claim that [the group] is Unit 61398.”
Chinese foreign ministry spokesman Hong Lei on Tuesday dismissed the charges, countering that China is in fact the victim of many cyber-attacks.
“Making baseless accusations based on premature analysis is irresponsible and unprofessional,” he said. “We don’t know how the evidence in this so-called report can be tenable.”
According to The Times, other security firms that have tracked the hackers say they also believe the group is state-sponsored.
“Either they are coming from inside Unit 61398, or the people who run the most controlled, most monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood,” Kevin Mandia, the founder and chief executive of Mandiant, told the newspaper.
The firm estimates that hundreds, possibly thousands of people work in the unit, which is housed in a 12-story, 130,663-square-foot facility.
Mandiant said the hackers have a “well-defined attack methodology,” and have stolen large volumes of intellectual property.
The report comes at a time when intelligence officials in the United States are increasingly concerned about the threats posed by cybercrime, especially from foreign governments.
Earlier this month, President Barack Obama signed an executive order intended to address the nation’s cybersecurity needs.
The directive will make it easier for private companies in charge of the nation’s infrastructure to share information about cyber-attacks with the government and will enable the government to work with the private sector on standards to help protect companies from computer espionage.
The report did not name companies or agencies that have been attacked, but in recent weeks, several leading U.S. news organizations, including The New York Times, The Washington Post and The Wall Street Journal, have reported that their computer networks had been targeted by China-based hackers.
The Times said Tuesday, however, that the so-called “Comment Crew” in Shanghai was not behind the attack on its network.
The Mandiant report identifies three individuals working with the group who use the monikers Ugly Gorilla, dota, and Super-Hard.
“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” the report said.
“Without establishing a solid connection to China, there will always be room for observers to dismiss [the group’s] actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.”
According to The Times, the Obama administration plans to tell China’s new leaders in the coming weeks that the volume and sophistication of the cyber-attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.