Chinese military unit said to resume cyber spying
WASHINGTON—A Chinese military unit that a private U.S. computer security company accused of launching more than 115 cyber attacks against American companies over seven years has resumed hacking after a three-month hiatus, the company’s chief security officer said Wednesday.
The clandestine army unit, known as Unit 61398, “went quiet for a while—they changed the nature of their activities, they removed some of the tools that they had been using inside of different companies,” said Richard Bejtlich of Mandiant, which specializes in defending companies from cyber attacks and purging malware from computer networks that have been breached.
“But over the course of the last several weeks it seems they are trying to ramp back up.... They seem to be trying to get back into some of their old targets,” he said.
Bejtlich’s remarks to the Center for National Policy, a nonpartisan think tank in Washington, came as the Obama administration weighs how to respond to what senior officials have called a massive campaign of commercial espionage emanating from China, and as Congress mulls legislation to enable companies and the government to share cyber-threat information.
China disputes that it engages in commercial espionage through hacking, but Bejtlich and other private researchers, backed by U.S. officials, say breaches of U.S. corporate networks from China have not tapered off. The U.S. government makes aggressive use of cyber spying, including against China, but officials say it does not target economic secrets for the benefit of American industry.
On Tuesday, Gen. Keith Alexander, who heads the National Security Agency and U.S. Cyber Command, told a cyber-security summit sponsored by the Reuters news agency that U.S. computer networks are under constant attack, in some cases by those seeking to steal valuable corporate secrets and in other cases by adversaries bent on disrupting or destroying networks.
“Mark my words, it’s going to get worse,” Alexander said, according to Reuters. “The disruptive and destructive attacks on our country will get worse and ... if we don’t do something, the theft of intellectual property will get worse.”
Mandiant’s report in February marked the first public airing of detailed evidence linking the Chinese military to a huge cyber-theft campaign. The Los Angeles Times later reported 2007 blog posts by a 25-year-old member of the military unit who boasted of perfecting a tool to infiltrate computer networks that escaped detection by leading antivirus software.
Mandiant did not identify the companies targeted by Unit 61398, citing confidentiality agreements with its clients. Bejtlich did not say Wednesday where the unit has resumed its attacks, but he said other China-based groups never stopped stealing Western intellectual property.
“They steal a staggering amount of information,” he said.
Bejtlich said the U.S. government should take action against China to force it to crack down on the thefts.
“We’ve been talking with them for a long time about this ... and they have not stopped,” he said.