Wednesday, 13 March 2013

China army behind cyber attacks

U.S. firm says organisations across the globe, including in India, targeted

A shadowy Chinese military unit has been named as the source of cyber-attacks on hundreds of organisations around the world, after a Virginia-based security company traced the “Advanced Persistent Threat” to a nondescript building in Shanghai.

The cyber-security company, Mandiant, said in a report that the source — which it labelled APT1 — was “believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398”.

While the nature of Unit 61398’s work was considered by China to be a state secret, Mandiant said it believed the unit engaged in harmful network operations from its site on Datong Road in Gaoqiaozhen, Pudong New Area of Shanghai.

APT1 had apparently “systematically stolen hundreds of terabytes of data from at least 141 organizations, and... demonstrated the capability and intent to steal from dozens of organizations simultaneously”, said Mandiant. The company mapped the wide range of victims of Unit 61398’s alleged cyber-attacks, including three organisations in India. Countries that faced attacks included Canada, France, the United Kingdom, Norway, Belgium, Luxembourg, Israel, Switzerland, South Africa, Singapore, Taiwan and Japan.


While U.S. companies may be slow to gear up for the cyber-security challenge, the Mandiant report left little doubt that the alleged hackers were well-organised. Mandiant explained that Unit 61398’s central building was a 12-storey, 130,663-square-foot facility staffed by hundreds, perhaps thousands, and supplied by China Telecom with special fibre-optic communications infrastructure.


On the role of the Chinese government, Mandiant added that in a January 2010 report it had said: “The Chinese government may authorise this activity, but there’s no way to determine the extent of its involvement.” However, three years later the security firm said it had obtained evidence to change its assessment and “The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”
