HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 5 MINUTES AGO.
You are here: Home / Cybercrime / Report Ties Attacks to China Military
Neustar, Inc.
Protect your website & network using real-time information & analysis
www.neustar.biz
Security Firm Ties Cyber-Attacks to China Military Unit
Security Firm Ties Cyber-Attacks to China Military Unit
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
19
2013
The Chinese military appears to be hacking into U.S. interests. Mandiant, a security firm The New York Times hired, just released a 60-page report that alleges members of "Comment Crew" and "Shanghai Group" have been tied to a 12-story building that's connected with the People's Liberation Army Unit 61398.

Mandiant's analysis led the firm to conclude that the APT1, a prolific cyber-espionage group that has conducted attacks on a number of victims since at least 2006, is likely sponsored by the Chinese government and is one of the most persistent of China's threat actors.

"APT1 focuses on compromising organizations across a broad range of industries in English-speaking countries," Mandiant said. "APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations."

Possibly Hundreds Involved

According to Mandiant, APT1 maintains an extensive infrastructure of computer systems around the world. In over 97 percent of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language.

The size of APT1's infrastructure implies a large organization with at least dozens, but potentially hundreds of human operators. In an effort to underscore that there are actual individuals behind the keyboard, the Mandiant reveals three personas that are associated with APT1 activity. Mandiant is also releasing more than 3,000 indicators to bolster defenses against APT1 operations.

"These issues with China are escalating, and at some point other countries have to acknowledge what appears to be a foreign country attacking their corporate citizens," said Alex Horan, senior product manager, CORE Security. "It feels like we've reach a tipping point here. The evidence is clear and the U.S. government will have to formally respond."

Jumping the Gun?

Graham Cluley, a senior security analyst at Sophos, said it shouldn't be forgotten that The New York Times was recently hacked and pointed the finger of blame firmly in the direction of China.

In late January, the Times reported criminals had stolen passwords for its reporters and other employees. The Wall Street Journal reported a similar incident the next day. But Cluley is warning to proceed with caution.

"As we've discussed before, attribution is the key problem in these stories. How can you prove that country X was behind an Internet attack rather than, say, a patriotic hacker working from his back bedroom, or a hijacked PC controlled by a hacker in a different country?" Cluley asked in a blog post.

"At the same time, we shouldn't be naive. Countries around the world (not just the Chinese) are using the Internet to spy on each other and gain advantage, whether it be political, financial or military. Mandiant has certainly put together a hefty report -- and it's well worth a read. Naturally, the Chinese government has debunked the claims."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN CYBERCRIME
Product Information and Resources for Technology You Can Use To Boost Your Business
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.