A 12-story building on the outskirts of Shanghai, China, may be the source of over 115 cyber attacks on U.S. infrastructure, media, and government networks. The building is owned by the Chinese military — the People’s Liberation Army — and a plethora of digital evidence suggests the building, and the people inside it, as the likely source of cyber attacks which has the potential to cripple the United States.
The attacks, as U.S. cyber security firm Mandiant outlines, have targeted and stolen terabytes of content from companies, hacked news organizations, and targeted critical U.S. infrastructure from electrical grids to a company holding remote access to over half of gas and oil pipelines in North America, The New York Times, which also suffered a hacking attack originating in China, reports.
Mandiant issued a 60-page report outlining the case that Chinese hackers, known as “Comment Crew” or “Shanghai Group,” are the source of over 140 cyber attacks across the world on Tuesday, days after President Barack Obama issued an executive order to better secure the networks of critical U.S. infrastructure and industries.
The Chinese government has refuted claims that it sponsors computer hacking, saying it’s illegal and the country is also the victim of hacking attacks. “We don’t know how the evidence in this so-called report can be tenable,” said Chinese Foreign Ministry spokesman Hong Lei, stating that tracing such attacks is extremely difficult.
But, as Kevin Mandia, founder and CEO of Mandiant notes, either the attacks are coming from inside the Shanghai building “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Mandiant’s decision to expose these attacks, however, may cause Unit 61398, and the PLA in general, to change their hacking methods to be harder to detect. The security group may have also painted a massive target on their back for both the PLA and other hacking groups to try and hit.