Security firm Mandiant has published an unusually detailed report documenting China-sponsored hacking intrusions that have siphoned terabytes of sensitive data from 141 organizations over the past seven years.
The 74-page study is only the latest report to lay a battery of computer intrusions at the feet of hackers linked to China's government or military apparatus. But until now, many of those claims lacked crucial details, opening them up to skeptics who complained that the lack of specificity made it difficult or impossible to conclude Chinese actors were behind attacks targeting US governmental agencies, corporations, and human rights organizations. Given the anonymity that shrouds most network intrusions, critics have pointed out, the use of Chinese domain names, IP addresses, and localized language in computer espionage campaigns could almost as easily have been chosen by perpetrators from other countries who want to divert the attention of investigators.
The Mandiant report is largely a response to these critics. It identifies a 12-story white office tower on the outskirts of Shanghai as the nerve center for a hacking group long known to security researchers as the "Comment Crew." IP addresses that have been used for years in espionage hacks map to the immediate surroundings of the building. The tower also happens to be the headquarters for the People's Liberation Army's Unit 61398, which was described in 2011 as the "premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence" by the Virginia-based nongovernmental organization known as the Project 2049 Institute. Many of the claims in the Mandiant report have been independently confirmed by US intelligence officials, according to an article published by The New York Times.