The document, first reported by the New York Times, draws on information that Mandiant collected from what the company said was the systematic theft of data from at least 141 organizations over seven years. Mandiant traced the attacks back to a single group it designated “Advanced Persistent Threat 1,” or “APT1,” and now has identified the group as a Chinese military unit within the 2nd Bureau of the People’s Liberation Army General Staff Department’s 3rd Department, code named “Unit 61398.”
Although most of the targets were U.S. companies, a Mandiant official said APT1 also hit about a dozen entities that he described as smaller U.S. local, state and federal government agencies and international governmental organizations overseas.
Senior U.S. officials, including President Obama, have raised the issue of Chinese cyber attacks on commercial targets over the past year. White House press secretary Jay Carney declined to address the Mandiant report, but he said, “We have repeatedly raised our concerns at highest levels about cybertheft with senior Chinese officials, including the military, and we will continue to do so.”
Analysts have long linked the unit to the Chinese military’s 3rd Department, and to extensive cyber-espionage. But what Mandiant has done is connect the dots and add new ones by locating the Internet protocol addresses used in commercial cyberattacks, placing them on a map and linking that information to open-source data about people associated with the unit.
“Since 2006, Mandiant has observed APT1 compromise 141 companies spanning 20 major industries,” the firm said in its report. Of those victims, 87 percent “are headquartered in countries where English is the native language,” it said.
Mandiant did not name the victims but said 115 of them are located in the United States, two in Canada and five in Britain. Of the 19 others, all but two operate in English.
One apparent victim was Telvent, a Madrid-based technology company with U.S. headquarters in Rockville that enables energy suppliers and others to remotely control their operations, security researchers and company officials said. Telvent helps manage 60 percent of the flow of hydrocarbons in North America and Latin America, according to its Web site. Technology made by the company, owned by Schneider Electric, also helps control and monitor power grids around the world.
Separately Tuesday, Apple Inc. said the same hackers who targeted Facebook last month have also gone after Apple and infiltrated a small number of the company’s computers. Neither company publicly identified the nationality of the hackers.