U.S. security firm Mandiant, which was hired by the New York Times to investigate breaches of its own security, provided an advance copy of the 60-page report to the newspaper. The report describes how the People’s Liberation Army launches attacks against American companies, organizations and government agencies from or near a 12-story building on the outskirts of Shanghai.
The group behind the attacks is P.L.A. Unit 61398, whose main office is on Datong Road, outside Shanghai, but victims of its attacks call the unit the “Comment Crew” of “Shanghai Group,” the New York Times said.
“Either they are coming from inside Unit 61398,” Kevin Mandia, the founder and chief executive of Mandiant, told the newspaper, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Further, a recent classified National Intelligence Estimate document that reflects the views of all 16 U.S. intelligence agencies argues that many of China’s hacking groups are either run by P.L.A. officers or are contractors working for commands like Unit 61398, officials told the newspaper.
Targets of Unit 61398 include agencies and companies whose databases contain vast and detailed information about critical U.S. infrastructure, including pipelines, power generation facilities and transmission lines.
The U.S. administration plans to begin an intensified defense against Chinese hacking groups on Tuesday, according to a directive signed last week by President Obama.
Washington, however, is proceeding cautiously in its public response to the revelation that China's government is apparently sponsoring the cyberwarfare.
“There are huge diplomatic sensitivities here,” an intelligence official, who is frustrated with the government’s tentativeness about the matter, told the Times.