Cyber-Espionage Cell Linked to Chinese Army, Mandiant Report Says

Mandiant, the company investigating the cyber-security breaches at The New York Times and The Washington Post, has released a lengthy report exposing what it says is one of the most active cyber espionage cells of China’s People’s Liberation Army.

“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” Mandiant writes in its report.  “Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.”

This espionage unit, known as “APT1” or Unit 61398, appears to be an extremely active state-sponsored group commissioned by the Chinese government to collect intelligence on US government and private sector institutions alike, according to the report.

The Mandiant says Unit 61398 employs hundreds or even thousands of people, uses fiber optic communications infrastructure provided by China Telecom, has 1,000 servers spread across numerous countries, at least 937 confirmed C&C servers and 2,551 domain names attributed to the Unit.

It seems three different “personas” are acting behind the various APT1 attacks that since 2006 have been gathering hundreds of terabytes of data from over 141 companies and institutions across the US and other English-speaking countries.

Chinese Foreign Ministry spokesman Hong Lei dismissed the Mandiant report’s accusations against China and said that China itself is a victim of countless cyber-attacks: “to make groundless accusations based on some rough material is neither responsible nor professional.”