Security firm Mandiant has released a damning report offering unprecedented evidence, including screen capture video, of the actions of an alleged Chinese military-backed hacking group.
The report, titled “APT1: Exposing One of China’s Cyber Espionage Units”, tracks the cyber espionage group dubbed Advanced Persistent Threat 1 as far back as 2006.
“Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” Mandiant wrote.
More specifically, the group is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, also known as Unit 61398.
Appendices attached to the report include thousands of indicators of APT1’s methods, including domain names and IP addresses.
Working off an advance copy of the report, The New York Times followed the trail to buildings in Shanghai believed to house the unit. When the Times encountered persistent attacks from Chinese hackers last year, it worked with Mandiant to monitor and block the intrusions.
While Chinese officials have dismissed the claims of state-sponsored hacking as “groundless”, numerous companies and media organizations, including Bloomberg and The Wall Street Journal, have come forward to state that they faced similar attacks.
The PLA has long been suspected of orchestrating complicated cyber-attacks against foreign governments and corporations, but public evidence backing up those suspicions has been lacking. As such, Mandiant’s report stands as some of the most compelling proof of the Chinese hacking apparatus available to civilians.
If you’re interested in reading the full report, you can access it here.