Discuss as:

Report: Chinese army tied to widespread US hacking

Carlos Barria / Reuters

A general view of 'Unit 61398,' a secretive Chinese military unit on the outskirts of Shanghai on Feb. 19. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.

BEIJING – A group of hackers linked to the Chinese military has stolen reams of sensitive data from more than 100 prominent American companies and organizations, according to an explosive new report.

“The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them,” U.S. computer-security firm Mandiant Corp. said in a 74-page report released on Tuesday.

The story was first reported by The New York Times.

One group originating from China that Mandiant had been tracking since 2006 and identified in the study as “APT1” allegedly swiped data from 141 companies in 20 industries ranging from aerospace to telecommunications, according to the report. More than 110 of those companies were American, according to Mandiant.

Mandiant said that the data suggests that the hacker group was either working for or sponsored by China’s People’s Liberation Army. Indeed, according to the organization’s information, APT1’s activity originated from a People’s Liberation Army cyberware division known as “Unit 61398.”

“Our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources,” it said, according to the report.  “PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.”

Mandiant said that the hacking originated from a drab 12-story office building on the outskirts of Shanghai. Hundreds, maybe even thousands, of operatives performed covert corporate espionage and extracted trade secrets, blueprints, pricing data and other corporate information from countless American servers from the innocuous tower, according to Mandiant.

The Wall Street Journal and The New York Times reported on Thursday that Chinese hackers repeatedly penetrated their computer systems. NBC's Pete Williams reports.

The hackers used techniques like “spear-phishing” -- using spoof emails to trick users into granting access to internal servers --demonstrating a strong proficiency in the English language and advanced understanding of computer security and network operations, the organization said.

Media blackout
Though the story exploded on Twitter and in the foreign news media, it has hardly made any waves in China. Twitter has long been blocked in the country and foreign media companies that broadcast on the mainland like CNN were blacked out when the report was mentioned on air. 

Coverage of Mandiant’s report was also absent from Chinese news websites, but some discussion of the report could still be found on China’s Twitter-like service, Weibo.

“Chinese hackers are so capable! I always thought Americans are very powerful!” exclaimed one user.

“Reports by foreign media cannot be fully trusted,” warned another user, “but there must be something.”

Related: Wall Street Journal infiltrated by Chinese hackers

This was a sentiment partly shared by China’s Foreign Ministry spokesman, Hong Lei, who responded today to questions about the hacking report by calling them “groundless” and reiterating the government’s unwavering position on the matter.

“To make groundless accusations based on some rough material is neither responsible nor professional,” he said, before noting that China was also the victim of hacking attacks.

Hong also argued that the new evidence provided by Mandiant and the New York Times will not withstand closer scrutiny.

But China’s cyber activities have been under increasingly closer scrutiny in recent weeks, as a slew of news stories have come out about Beijing’s reported hacking ambitions. Last month, the New York Times reported that its own servers had been attacked by hackers originating in China, possibly in response to an embarrassing expose it published showing the hidden riches of out-going Chinese premier, Wen Jiabao.

While the White House has largely remained silent on the hacking issue -- President Barack Obama mentioned hacking in his State of the Union but did not specifically cite China -- the government has been noticeably increasing efforts to strengthen cyber security.

Last week Obama issued an Executive Order calling for the improving of critical infrastructure tied to cyber security. That the move came on the eve of the publication of two similar exposes -- last week Bloomberg printed another story demonstrating PLA hacking of American systems -- suggests the administration could be taking a long called for tougher stance on Chinese hacking by “naming and shaming” known mainland hacking groups.  

NBC News' Le Li contributed to this report.


Congress urged to probe Chinese cyber-espionage

Internet Explorer zero-day exploit linked to China