An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
US firm says evidence points to China’s military in hacking attacks; China denies allegation – The Washington Post
Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a drab, white 12-story office building run by “Unit 61398” of the People’s Liberation Army.
The unit “has systematically stolen hundreds of terabytes of data from at least 141 organizations,” Mandiant wrote. By comparison, the U.S. Library of Congress 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.
BBC News – China military unit ‘behind prolific hacking’
“From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen,” it said, adding that it was “likely government-sponsored and one of the most persistent of China’s cyber threat actors”.
“We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support,” said Mandiant.
This sounds like war to me. What’s the US going to do about it? Probably nothing.