Carlos Barria / Reuters
A general view of 'Unit 61398,' a secretive Chinese military unit on the outskirts of Shanghai on Feb. 19. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.
BEIJING – A group of hackers linked to the Chinese military has stolen reams of sensitive data from more than 100 prominent American companies and organizations, according to an explosive new report.
“The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them,” U.S. computer-security firm Mandiant Corp. said in a 74-page report released on Tuesday.
The story was first reported by The New York Times.
One group originating from China that Mandiant had been tracking since 2006 and identified in the study as “APT1” allegedly swiped data from 141 companies in 20 industries ranging from aerospace to telecommunications, according to the report. More than 110 of those companies were American, according to Mandiant.
Mandiant said that the data suggests that the hacker group was either working for or sponsored by China’s People’s Liberation Army. Indeed, according to the organization’s information, APT1’s activity originated from a People’s Liberation Army cyberware division known as “Unit 61398.”
“Our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources,” it said, according to the report. “PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.”
Mandiant said that the hacking originated from a drab 12-story office building on the outskirts of Shanghai. Working from the innocuous tower, hundreds, maybe even thousands, of operatives performed covert corporate espionage and extracted trade secrets, blueprints, pricing data and other corporate information from countless American servers, according to Mandiant.
The hackers used techniques like “spear-phishing” -- using spoof emails to trick users into granting access to internal servers -- and demonstrated a strong proficiency in the English language and an advanced understanding of computer security and network operations, the organization said.
Though the story exploded on Twitter and in the foreign news media, it has hardly made any waves in China. Twitter has long been blocked in the country, and foreign media companies that broadcast on the mainland, like CNN, were blacked out when the report was mentioned on air.
Coverage of Mandiant’s report was also absent from Chinese news websites, but some discussion of the report could still be found on China’s Twitter-like service, Weibo.
“Chinese hackers are so capable! I always thought Americans are very powerful!” exclaimed one user.
“Reports by foreign media cannot be fully trusted,” warned another user, “but there must be something.”
This was a sentiment partly shared by China’s Foreign Ministry spokesman, Hong Lei, who responded today to questions about the hacking report by calling them “groundless” and reiterating the government’s