
Clues Connect Global Hacking To Chinese Government, Security Firm Says

Cyberattack headquarters? The 12-story building in a Shanghai suburb that American investigators say houses an operation responsible for hundreds of cyberattacks on companies around the world.
Peter Parks
AFP/Getty Images

"Hundreds of investigations convince us" that the Chinese government is at least aware of, and likely sponsoring, cyber thieves who have stolen massive amounts of information from companies around the world, including American defense contractors, a U.S. security firm reported Tuesday.

Virginia-based Mandiant Corp., which posted its findings online, says that its analysis leads it to conclude that "Advanced Persistent Threat 1," as it calls the operation, "is likely government-sponsored and one of the most persistent of China's cyber threat actors."

According to Mandiant, since 2006 it has "observed APT1 compromise 141 companies spanning 20 major industries."

The firm writes that:

"We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."

For its part, as The Associated Press says, "China's Foreign Ministry dismissed the report as 'groundless,' and the Defense Ministry denied any involvement in hacking attacks."

On Morning Edition today, NPR's Frank Langfitt reported that Mandiant's Dan McWhorter says most of the companies targeted by the hacking have been American. The cyber thieves' goal, says McWhorter, is to steal information in order to benefit Chinese firms.

"In China, the government is very intimately involved in industry," McWhorter said. "So I think the PLA is motivated to take these documents for huge economic gain."

Tracking the hacking to the PLA wasn't that hard, McWhorter said, because the volume was enormous. "We just followed the data, followed the bread crumbs," he said. "All the network communication kept going back to Shanghai again and again. ... And so then we started doing our research, as far as what kind of organizations could be that large doing this type of activity. And that's what led us to discover unit 61398."

The New York Times, which broke the news about Mandiant's findings, writes that "a growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower" on the outskirts of Shanghai where PLA Unit 61398 is headquartered.

What is Mandiant? Last May, NPR's Tom Gjelten looked at the company, which was "founded in 2004 by Kevin Mandia, a former Air Force officer with a background in security consulting. The company distinguished itself early by helping companies learn more about who was attacking them, as opposed to protecting the companies from the malicious software, or malware, the attackers were using."

Copyright 2020 NPR. To see more, visit https://www.npr.org.


Mark Memmott is NPR's supervising senior editor for Standards & Practices. In that role, he's a resource for NPR's journalists – helping them raise the right questions as they do their work and uphold the organization's standards.