First, it was McAfee’s five-year investigation dubbed Operation Shady RAT that revealed a “single actor” was engaging in electronic intrusions worldwide.
Now, it’s the Advanced Persistent Threat 1 (APT1) report which fingers shady actors named “UglyGorilla,” who registers domains and authors malware; “DOTA,” who conducts social engineering and phishing attacks through email programs; and “SuperHard,” who creates and contributes to malware programs.
In an unprecedented departure from company policy, the information security firm Mandiant on Tuesday publicly implicated the Chinese government in the theft of massive amounts of data from at least 140 organizations spanning 20 major industries since 2006.
Mandiant, in an explosive new report, alleges that the Communist Party of China has full knowledge of, and actively cooperates with, systematic acts of cyber espionage and data theft carried out through the People’s Liberation Army’s strategic cyber command center — specifically, the General Staff Department’s 3rd Department, 2nd Bureau, known as Unit 61398, or APT1.
“It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” the company explained in the report’s executive summary.
Unit 61398, believed to be the source of the APT1 attacks investigated for years by Mandiant, operates in a 12-story-high, 130,663 square foot complex located in Shanghai.
Built in 2007 and operating as a “state secret” for national defense purposes, Unit 61398 is believed to conduct harmful “Computer Network Operations.”
In a prior 2010 report, Mandiant stopped short of publicly concluding the extent of China’s involvement in computer security breaches.
“Now, three years later, we have the evidence required to change our assessment,” the company said. “The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”
A spokesman for the U.S. Department of Defense would not comment specifically on Mandiant’s cyber espionage report.
“I’m not commenting on any particular state actor,” Pentagon Press Secretary George Little said today in Washington, D.C. “We see cyber threats emanate from a number of places. We have discussed the cyber threat with many countries around the world.”
Little did acknowledge that Defense Secretary Leon Panetta raised American concerns about cyber issues in his 2012 visit to China.
“We have repeatedly raised our concerns at the highest levels about cyber theft with Chinese officials,” Little stated, “including the military, and we will continue to do so.”
Mandiant has compiled a wealth of evidence pointing directly to China, including more than 3,000 indicators to help security professionals bolster their defenses against APT1 operations.
Among the indicators released by Mandiant:
- Domain names, IP addresses, and MD5 hashes of malware
- Detailed descriptions of over 40 families of malware in APT1’s arsenal of digital weapons
- Thirteen encryption certificates used by APT1
- A compilation of videos showing actual attacker sessions and their intrusion activities
“We are acutely aware of the risk this report poses for us,” a company spokesman said. “We expect reprisals from China as well as an onslaught of criticism.”