China’s State-Sponsored Hackers

Feb 20 2013 @ 3:22pm

Kim Zetter goes over the new report from security firm Mandiant, which appears to have caught the Chinese army initiating a wide range of hacks into American companies:

Victims have included the security firm RSA, Coca-Cola and the maker of equipment used in critical infrastructure systems. Multiple industries have been targeted, including the aerospace and high-tech electronics industries as well as transportation, financial services, satellite and telecommunications, chemical, energy, media and advertising and food and agriculture.

Dan Goodin explains further:

According to Mandiant, [Comment Crew, the group behind the hacks,] has for years vacuumed up the proprietary secrets of more than 100 targets, including technology blueprints, manufacturing processes, clinical trial results, pricing documents, and negotiation strategies. Of more concern, Comment Crew hackers have most recently tuned their focus to computer systems used to control dams, gasoline refineries, and other critical infrastructure.

Goodin adds that, “[g]iven the IP addresses and clues gleaned from individual members with hacker handles including UglyGorilla and DOTA, the authors conclude that the campaign is almost surely sponsored by the Chinese government or military.” Evan Osnos’s perspective:

Mandiant and the Times stop short of saying [Chinese military] Unit 61398 was directly in charge; “the firm was not able to place the hackers inside the twelve-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.” Caveats aside, the accumulated evidence should retire the old notion that China’s most sophisticated hackers are just patriots freelancing from their parents’ basements.