BreachExchange mailing list archives
China military hackers persist despite being outed by US, says report
From: Lee J <lee () riskbasedsecurity com>
Date: Thu, 7 Nov 2013 12:53:01 +1100
http://www.themalaysianinsider.com/world/article/china-military-hackers-persist-despite-being-outed-by-us-says-report The disclosure early this year of a secretive Chinese military unit believed to be behind a series of hacking attacks has failed to halt the cyber intrusions, a US computer security company and congressional advisory panel said on Wednesday. A report by the cybersecurity company Mandiant in February identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely culprit in hacking attacks on a wide range of industries. China's Defense Ministry denied the accusations. The US-China Economic and Security Commission, a panel which advises the US Congress on China policy, said Mandiant's revelations brought only a brief pause in cyber intrusions by that PLA unit. "There are no indications the public exposure of Chinese cyber espionage in technical detail throughout 2013 has led China to change its attitude toward the use of cyber espionage to steal proprietary economic and trade information," the commission said in a draft of their annual report to Congress. The draft report, made available to Reuters on Wednesday, said Mandiant's revelations "merely led Unit 61398 to make changes to its cyber 'tools and infrastructure' (to make) future intrusions harder to detect and attribute." The commission's report, to be released in final form later this month, quoted Mandiant experts as saying the Chinese military hackers decreased their activities for about a month following the February publication of that report. Different tools A Mandiant spokeswoman told Reuters that within a few weeks of the February report, the hacking levels from China had returned to about the same levels though the group was using some different tools. "From what we can tell, they are still stealing the same type of data from the same industries," Mandiant spokeswoman Susan Helmick said on Wednesday. "The focus appears to be the same but the methods and malware, they had to shift," Helmick said. A spokesman for the Chinese embassy in Washington on Wednesday repeated China's response to the initial Mandiant report. "Cyber attacks are transnational and anonymous," said spokesman Geng Shuang. "We don't know how the evidence is collected in this report." Geng added: "China stands against cyber attacks and has done what it can to combat such activities in accordance with Chinese laws and regulations." The February Mandiant report said PLA Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations. It said the unit had stolen hundreds of terabytes of data from at least 141 organizations across a diverse set of industries - mostly in theUnited States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said. A report in July issued by the Commission on the Theft of American Intellectual Property said theft of business and industrial secrets cost the US economy some $300 billion (RM953.7 billion) a year and that China was responsible for most of it. In June, President Barack Obama and his Chinese counterpart, Xi Jinping, agreed to launch a bilateral working group to discuss cybersecurity issues. The group has met twice since July. The US-China Economic and Security Commission said it was told by experts that former US National Security Agency contractor Edward Snowden's revelations of NSA cyber-operations against targets in China and Hong Kong would set back efforts to address Chinese cyber attacks by six months to a year. - Reuters, November 7, 2013.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- China military hackers persist despite being outed by US, says report Lee J (Nov 11)