U.S. indicts Chinese military hackers for cyber espionage

A grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.

By Richard Bejtlich, FireEye

On Monday, the US Department of Justice (DoJ) took actions previously unseen in the world of computer security. The press release announcing the activity noted the following:

“A grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.”

The accompanying indictment begins with the following excerpt:

“From at least in or about 2006 up to and including at least in or about April 2014, members of the People’s Liberation Army, the military of the People’s Republic of China, conspired together and with each other to hack into the computers of commercial entities in the Western District of Pennsylvania and elsewhere in the United States.”

These two sentences are packed with meaning for anyone who has been working to counter the Chinese digital threat, either within, or on behalf of, victim organizations. First, the indictment zeroes in on the military aspect of the threat. DoJ isn’t talking about nebulous “Chinese hackers,” perhaps working as contractors for hire. These are PLA troops, some of whom are pictured in the indictment wearing their uniforms. Second, these sentences confirm the temporal span of the activity, roughly an eight-year period. This is a sustained, persistent, resourced campaign. Third, they emphasize economic espionage against commercial American targets, not targets in the US military or intelligence communities. The US government has always been clear that it will not tolerate Chinese hacking intended to financially and scientifically accelerate Chinese economic growth.

For those of us who worked on exposing this threat over the years, the indictment contains many other relevant details. We read that the five defendants “worked together and with others known and unknown to the Grand Jury for the PLA’s General Staff, Third Department (“3PLA”), a signals intelligence component of the PLA, in a Unit known by the Military Unit Code Designator 61398 (“Unit 61398”), and in the vicinity of 208 Datong Road, Pudong District, Shanghai, China.” This is exactly the same unit, designation, and location identified in the 2013 Mandiant report, APT1: Exposing One of China’s Cyber Espionage Units. This statement is the first open, unclassified, official confirmation of the core attribution element in the Mandiant report. It shows that APT1, also known as Unit 61398 and as the Second Bureau of the Third Department of the General Staff Directorate of the PLA, is a threat to US economic and security interests.

There are many other aspects of the indictment that I find fascinating, but in the interest of time I will mention one other. Paragraph four states the following:

“During the period relevant to this Indictment, Chinese firms hired the same PLA Unit where the defendants worked to provide information technology services. For example, one SOE involved in trade litigation against some of the American victims mentioned herein hired the Unit, and one of the co-conspirators charged herein, to build a ‘secret’ database to hold corporate ‘intelligence.’”

This is a remarkable statement, because it may answer one of the burning questions those of us analyzing the problem have often asked: how does stolen Western data pass from the Chinese military to the Chinese private sector? According to the indictment, a state-owned enterprise (SOE) simply hires Unit 61398 to provide IT services, and the military hackers leave the “intelligence” behind in a “database” for the benefit of the SOE.

As the story develops over the coming days, I will keep an eye on it and report back as newsworthy items appear.
