BEIJING — A U.S. security firm has linked China’s military to cyberattacks on more than 140 U.S. and other foreign corporations and entities, according to a report released Tuesday.
The document, first reported by the New York Times, draws on information that Mandiant collected from what the company said was the systematic theft of data from at least 141 organizations over seven years. Mandiant traced the attacks back to a single group it designated “Advanced Persistent Threat 1,” or “APT1,” and now has identified the group as a Chinese military unit within the 2nd Bureau of the People’s Liberation Army General Staff Department’s 3rd Department, code named “Unit 61398.”
Although most of the targets were U.S. companies, a Mandiant official said APT1 also hit about a dozen entities that he described as smaller U.S. local, state and federal government agencies unable to protect themselves, as well as international governmental organizations overseas, including bodies in which China might have membership.
At the White House, press secretary Jay Carney declined to address the findings of the Mandiant report or say whether it squared with U.S. intelligence assessments. Carney told reporters: “We have repeatedly raised our concerns at highest levels about cybertheft with senior Chinese officials, including the military, and we will continue to do so. It’s an important challenge, one the president has been working on and urging Congress to work on for quite some time. The United States and China are among the world’s largest cyber-actors, so it’s critical.”
Lt. Col. Damien Pickart, a Pentagon spokesman, said the administration “is taking an active, whole-of-government approach to addressing the issue of cyber theft.” The Defense Department “takes seriously its role in this approach to defend the nation from those who would attempt to use cyberspace against U.S. security or national interests and is prepared to offer its capabilities and forces, when so directed,” he said. He added that the Pentagon regularly releases “technical information intended to improve the ability of U.S. companies and critical infrastructure to defend against cyber intrusions.”
It is “vital” that the United States and China “continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace,” Pickart said.
Analysts have long linked the unit to the Chinese military’s 3rd Department, and to extensive cyber-espionage. But what Mandiant has done is connect the dots and add new ones by locating the Internet protocol addresses used in commercial cyberattacks, placing them on a map and linking that information to open-source data about people associated with the unit.