Ramblings of an old Doc

 

The Intelligence Center of computer security firm Mandiant has traced the majority of highly sophisticated attacks on the U.S. to 4 networks in a bland, twelve-story building in Shanghai which (allegedly) houses a super-secret cyber warfare unit of China’s Army.

“Highlights of the report include:

  • Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398).
  • A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
  • APT1’s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
  • The timeline and details of over 40 APT1 malware families.
  • The timeline and details of APT1’s extensive attack infrastructure.

Mandiant is also releasing a digital appendix with more than 3,000 indicators to bolster defenses against APT1 operations. This appendix includes:

  • Digital delivery of over 3,000 APT1 indicators, such as domain names, IP addresses, and MD5 hashes of malware.
  • Thirteen (13) X.509 encryption certificates used by APT1.
  • A set of APT1 Indicators of Compromise (IOCs) and detailed descriptions of over 40 malware families in APT1’s arsenal of digital weapons.
  • IOCs that can be used in conjunction with Redline™, Mandiant’s free host-based investigative tool, or with Mandiant Intelligent Response® (MIR), Mandiant’s commercial enterprise investigative tool.”

- https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/?utm_source=rss&utm_medium=rss&utm_campaign=mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators

Mandiant went on to say that the public good of publishing outweighed the risk that doing so could impair their own discovery methods.

You can read the report here:  http://intelreport.mandiant.com/

The Foreign Ministry of the PRC has denied the charge:

“"To make groundless accusations based on some rough material is neither responsible nor professional," Hong told reporters at a regularly scheduled news conference. In a reiteration of China's standard response to such accusations, Hong said China strictly outlaws hacking and said the country itself was a major victim of such crimes, including attacks originating in the United States. "As of now, the cyberattacks and cybercrimes China has suffered are rising rapidly every year," Hong said.” – http://www.google.com/hostednews/ap/article/ALeqM5gqGzo86yXzI9q8-HN1zYXx7QVgog?docId=03e227bd185041cd95972d4dc26f2e20

Mandiant provided an advance copy of its report to The New York Times, saying it hoped to “bring visibility to the issues addressed in the report.” Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army. (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.) - http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?smid=tw-nytimestech&seid=auto&_r=1&

President Obama signed an Executive Order last week which is essentially the most disputed part of CISPA, enabling companies to share threat-related security information with the government.

“Under a directive signed by President Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based … There are huge diplomatic sensitivities here,” said one intelligence official, with frustration in his voice.

But Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.” – ibid

To me this all means, “China holds too much American paper, the trade balance, the manufacturing capability, and basically has pwned us.”

In my opinion, this needs to stop. It needs to stop NOW. It’s time to protect our I.P., and our companies. Either grow a pair, or just give up and let China roll over us. Make it clear. Draw the line.

Sources:

http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=2&_r=1&seid=auto&smid=tw-nytimestech

http://intelreport.mandiant.com/

https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/?utm_source=rss&utm_medium=rss&utm_campaign=mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators

http://www.theverge.com/2013/2/18/4003732/chinese-cyber-attacks-on-us-corporations-tied-to-army-base


Comments (Page 2)
on May 08, 2013

alaknebs
nukes are all fairly immaterial. by nature they are defensive weapons, those who use it 1st are dead meat.

That's rubbish.  They have been 'used' twice...both times as offensive weapons [defensive weapons is largely an oxymoron, anyway]...and the 1st to use them are alive and well....just killing each other one bullet at a time....

....oh, yes....with their defensive weapons....

on May 08, 2013

So we can go to war to "protect our interests" against third world countries, let's go and "protect our interests".

 

'Murica.

 

on May 08, 2013



Quoting alaknebs, reply 6

nukes are all fairly immaterial. by nature they are defensive weapons, those who use it 1st are dead meat.

That's rubbish.  They have been 'used' twice...both times as offensive weapons [defensive weapons is largely an oxymoron, anyway]...and the 1st to use them are alive and well....just killing each other one bullet at a time....

....oh, yes....with their defensive weapons....

well doh. if the japs had nukes that they can use to hit back, you think they would have been nuked?

if anyone is going to be nuked by nk it'll be china. nk is a tail that has been wagging the dog since its inception.

on May 08, 2013

Suffice it to say that it is completely beyond me how a thread about cyber espionage (military and economic) has been turned into nuclear exchange craziness.

 

on May 09, 2013

DsRaider


To me this all means, “China holds too much American paper, the trade balance, the manufacturing capability, and basically has pwned us.”

This threat is always way overestimated. If China attempted to sell their American reserves it would have to be to someone and the market for US debt is such that it is highly unlikely to raise the interest rate on American bonds. In fact China is already attempting to sell American Bonds because they hate the fact that they are considered so safe they pay next to nothing. As a result China is investing a lot in some rather dubious places, but that's another story.

China can't even use money from selling those bonds at home. If they attempted to sell those American dollars to buy yuan it would cause their currency to rise because they keep it artificially low. This in turn would hurt their exporters in a time where domestic inflation and rising wages is already driving out a lot of manufacturing companies.

The real reason for the reluctance of the US in dealing with China has to do with fears of starting a trade war, which could lead to political tension, which could lead to a cold or even hot war. Since the US imports so much from China a trade war would cause significant inflation. Also all those American companies in China would get kicked out or get tariff-ed and lose a ton of money. A world where China goes rogue would be a much scarier place than the world we live in today. They have a lot of nukes. Don't forget China is ruled by a very secretive bureaucracy, and the recent Japanese situation has shown that they are willing to use nationalism in order to distract their citizens from domestic problems.

The recent fascination with China as a rising power is pretty funny. For every problem the US has China has 10. China has massive poverty, environmental damage, social unrest, massive corruption, a huge underground banking system, and border disputes with all its neighbors including Russia, and India. The US is well on its way to energy independence and will be able to largely withdraw from the Middle East. China on the other hand has a desperate need for more and more oil and produces next to nothing domestically. The US just likes building up bogeymen. They did it with the Soviets and the Japanese and now it's China's turn. The same people who think China is going to soon surpass the US economically and militarily are the same people who didn't see their rise a decade ago. You can't just look at current growth rates and say they will last forever and not change.

 

This is good analysis.

 

China's problems are almost entirely internal and growing fast. I am not expecting China to become a world leader in my lifetime and it has to be remembered that most of the data that indicates that this is so has been modified to appease the leadership before release.

 

Their main worry at the moment is unemployment and unrest. That's why with internal R & D almost flat-lined they need to steal new product information from The West. I wouldn't like to be living on their borders when things begin to unravel though.

 

I would recommend that Western Manufacturers get out before the inflection point but greed is a hefty mote in the eye.
