A top cybersecurity firm has released a report detailing a sweeping, five-year-long cyberattack that struck more than 70 government agencies and corporations and likely originated in China, according to experts familiar with the analysis.
Hackers infiltrated organizations that ranged from international entities like the United Nations and the International Olympic Committee to U.S. defense firms, according to McAfee, the security firm that conducted the report. Nearly 50 of the 72 cyberattack targets were in the U.S.
Dmitri Alperovitch, McAfee's vice president of threat research, said evidence pointed to "a nation-state" having carried out the attacks but declined to specify further.
"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," Alperovitch wrote in the report.
Outside experts said that the attacks appear to have come from China, which has a history of engaging in cyberwarfare. James A. Lewis, a cybersecurity expert, pointed to Taiwan's prominence among targeted countries and the hacking of the International Olympic Committee shortly before the 2008 games in Beijing. Earlier this year, Google accused China of hacking into its networks and stealing source code.
"This isn't the first we've seen," Lewis told The Washington Post. "This has been going on from China since at least 1998."
The hackers sought to steal data from U.S. military systems, as well as information from satellite communications, electronics and natural gas companies, the report said. The intent of the cyberattacks was unclear, but regardless of their aim, hackers were able to make off with a valuable haul, said Alperovitch.
"We're facing a massive transfer of wealth in the form of intellectual property that is unprecedented in history," Alperovitch said, also writing in the report that "If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."
The report's release coincides with an intensifying push by the U.S. government to fortify its cybersecurity. The Pentagon announced in July that it had suffered its most significant cyberattack, a theft of some 24,000 classified files that was also believed to have originated in a nation-state.