Mandiant produces evidence of China’s secret cyber army at work

19 Feb 2013

Security player Mandiant has produced a report that purports to show China’s secret cyber armies being built up. It says it has been tracking a single organisation called APT1, which has been conducting a cyber-espionage campaign since 2006.

The group APT1 is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.

“Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” Mandiant said.

“The scale and impact of APT1’s operations compelled us to write this report.”

Mandiant claims that APT1 has systematically stolen hundreds of terabytes of data from at least 141 organisations and focuses particularly on industries in English-speaking countries.

In releasing more than 3,000 indicators to help firms bolster their defences against alleged APT1 operations, Mandiant claims APT1 maintains an extensive infrastructure of computer systems around the world.

The size of APT1’s infrastructure implies a large organisation with at least dozens, but potentially hundreds, of human operators.

“In over 97pc of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the simplified Chinese language,” Mandiant said.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years