BreachExchange mailing list archives

China military hackers persist despite being outed by US, says report


From: Lee J <lee () riskbasedsecurity com>
Date: Thu, 7 Nov 2013 12:53:01 +1100

http://www.themalaysianinsider.com/world/article/china-military-hackers-persist-despite-being-outed-by-us-says-report

The disclosure early this year of a secretive Chinese military unit
believed to be behind a series of hacking attacks has failed to halt the
cyber intrusions, a US computer security company and congressional advisory
panel said on Wednesday.

A report by the cybersecurity company Mandiant in February identified the
People's Liberation Army's Shanghai-based Unit 61398 as the most likely
culprit in hacking attacks on a wide range of industries. China's Defense
Ministry denied the accusations.

The US-China Economic and Security Commission, a panel which advises the US
Congress on China policy, said Mandiant's revelations brought only a brief
pause in cyber intrusions by that PLA unit.

"There are no indications the public exposure of Chinese cyber espionage in
technical detail throughout 2013 has led China to change its attitude
toward the use of cyber espionage to steal proprietary economic and trade
information," the commission said in a draft of their annual report to
Congress.

The draft report, made available to Reuters on Wednesday, said Mandiant's
revelations "merely led Unit 61398 to make changes to its cyber 'tools and
infrastructure' (to make) future intrusions harder to detect and attribute."

The commission's report, to be released in final form later this month,
quoted Mandiant experts as saying the Chinese military hackers decreased
their activities for about a month following the February publication of
that report.

Different tools

A Mandiant spokeswoman told Reuters that within a few weeks of the February
report, the hacking levels from China had returned to about the same levels
though the group was using some different tools.

"From what we can tell, they are still stealing the same type of data from
the same industries," Mandiant spokeswoman Susan Helmick said on Wednesday.

"The focus appears to be the same but the methods and malware, they had to
shift," Helmick said.

A spokesman for the Chinese embassy in Washington on Wednesday repeated
China's response to the initial Mandiant report.

"Cyber attacks are transnational and anonymous," said spokesman Geng
Shuang. "We don't know how the evidence is collected in this report."

Geng added: "China stands against cyber attacks and has done what it can to
combat such activities in accordance with Chinese laws and regulations."

The February Mandiant report said PLA Unit 61398 is located in Shanghai's
Pudong district, China's financial and banking hub, and is staffed by
perhaps thousands of people proficient in English as well as computer
programming and network operations.

It said the unit had stolen hundreds of terabytes of data from at least 141
organizations across a diverse set of industries - mostly in the United
States, with smaller numbers in Canada and Britain.

The information stolen ranged from details on mergers and acquisitions to
the emails of senior employees, the company said.

A report in July issued by the Commission on the Theft of American
Intellectual Property said theft of business and industrial secrets cost
the US economy some $300 billion (RM953.7 billion) a year and that China
was responsible for most of it.

In June, President Barack Obama and his Chinese counterpart, Xi Jinping,
agreed to launch a bilateral working group to discuss cybersecurity issues.
The group has met twice since July.

The US-China Economic and Security Commission said it was told by experts
that former US National Security Agency contractor Edward Snowden's
revelations of NSA cyber-operations against targets in China and Hong Kong
would set back efforts to address Chinese cyber attacks by six months to a
year. - Reuters, November 7, 2013.