Quartz reports a computer security company called Mandiant has traced hacks on newspaper, energy, and military contractor companies (among others) to a unit of the Chinese military.
The 74-page report is freely available and goes into depth about why the company believes “Unit 61398,” which they call “APT1,” is behind the attacks.
The group is housed in a 12-story building in Shanghai, and Mandiant has been monitoring their activity since 2006. In all, over 140 companies have been hacked.
While the firm believed staying quiet was the best way to gather information and work toward preventing the attacks – so the Chinese wouldn’t realize Mandiant was on to them – they’ve changed their minds since Chinese officials denied the accusation their government was involved and said that speculating otherwise was “unprofessional”…
Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns. We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.
The report includes details of patterns in the attacks, profiles some of the specific hackers themselves, and offers up many of their passwords and tactics.