Wednesday, February 20, 2013

Massive cyberattacks from China? Report claims to expose secret 'Unit 61398.'

A new report claims to have found the exact origin of a campaign of massive cyberattacks against the US, Canada, and Britain. The building in Shanghai is linked to the Chinese military.

By Mark Clayton, Staff writer / February 19, 2013

The building housing 'Unit 61398' of the People's Liberation Army is seen in the outskirts of Shanghai Tuesday. Cyberattacks that stole information from 141 targets in the US and other countries have been traced to the Chinese military unit in the building, a US security firm alleged Tuesday. China dismissed the report as 'groundless.'

AP

China's military is the silent hand behind a major cyberespionage organization located in Shanghai and blamed for stealing titanic volumes of intellectual property from more than 100 companies worldwide during the past seven years, concludes a new report by a leading US cybersecurity firm.


The report, issued by Mandiant of Alexandria, Va., is unusual in the degree to which it points the finger directly at China's military. For years, researchers have chronicled an "advanced persistent threat" against Western cyber networks and hinted that Chinese actors were the likely culprits, not outsiders coopting Chinese computers. But the Mandiant report, "APT1: Exposing One of China's Cyber Espionage Units," pulls no punches.

"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," the Mandiant report said. "Without establishing a solid connection to China, there will always be room for observers to dismiss APT [advanced persistent threat] actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns."

Mandiant says it observed a group it dubbed "APT1" first infiltrating, then stealing data from computer networks of at least 141 companies spanning 20 major industries. Of the targeted companies, 115 were in the US, seven in Canada and Britain, and 17 of 19 others also conducting their business in English.

Targeted for theft were "broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations' leadership."

At just one company, Mandiant researchers discovered 6.5 terabytes of data were stolen over a 10 month period - all exfiltrated back to computers identified in the same block in Shanghai - where the Chinese military's cyberespionage unit is located. Sometimes data was seen being stolen from dozens of victims at once, Mandiant reported.

APT1 generally established access through spear-phishing - the ploy of sending to someone in a targeted company an e-mail that is designed to look legitimate but carries malware in an attachment. Once they gained access to a system, the cyberspies periodically revisited the victim's network over several months or years.

The findings broadly square with those of other cybersecurity researchers. What Mandiant calls APT1 others have called "Comment Crew" or the "Shanghai Group." But the Mandiant report offers unprecedented detail in its 200 page report to specifically identify APT1 as actually the cyberespionage section of the Chinese People's Liberation Army (PLA) - even if it lacks a "smoking gun."

Mandiant says it traced the data flow, IP addresses, and other digital signatures of the attackers to a block in downtown Shanghai that includes a new, white brick 12-story office building that is home to the Second Bureau of the PLA's General Staff Department's Third Department. That group's most common designation is "Unit 61398," and it is estimated to have hundreds or possibly thousands of employees - and English proficiency is a requirement.

The Mandiant findings make sense to L.C. Russell Hsiao, a senior research fellow at the Project 2049 Institute, a nonprofit group in Arlington, Va., that has made a specialty of analyzing China's cyber and signals intelligence units within the PLA.

In 2011, Project 2049 produced a report that also identifies Unit 61398 as a cyberespionage group run by the PLA that "appears to function as the Third Department's premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence."

Source: http://rss.csmonitor.com/~r/feeds/csm/~3/frx_cMw7j6Y/Massive-cyberattacks-from-China-Report-claims-to-expose-secret-Unit-61398.
