US cybersecurity firm Mandiant has linked a secretive China People’s Liberation Army’s (Pla) intelligence unit to prolific cyber attacks on the US and foreign companies in the past seven years.

Contradicting Beijing’s previous claims that the government does not carry out illegal hacking, the company has alleged in a report that PLA’s Shanghai-based Unit 61398 to have stolen hundreds of terabytes of data from at least 141 organisations across 20 major industries from as early as 2006.

The report alleges that the Advanced Persistent Threat1 (APT1) group, a primary accused of data breaches since 2004, is believed to be the 2nd Bureau of the PLA General Staff Department’s (GSD) 3rd Department, commonly known as Unit 61398.

"The nature of Unit 61398’s work is considered by China to be a state secret," the report stated. "However, we believe it engages in harmful computer network operations."

Arguing the reason for establishing the link, the report said the unit was located in Pudong New Area, where the group is headquartered, and also a password used by one of three hackers it identified translated to a division that is extensively used within the General Staff Department organisations.

"The nature of Unit 61398’s work is considered by China to be a state secret."

However, the credibility of the report was disputed by the Chinese Government, with Foreign Ministry spokesman Hong Lei saying he doubted the evidence.

"Hacking attacks are transnational and anonymous," he said. "Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable.

The country’s Defence Ministry also rejected the allegations in a faxed statement to The Associated Press and insisted the statements ‘are unprofessional and are not in accordance with the facts’.

US Pentagon press secretary George Little refused to comment on the report, but noted that the department has raised highest level concerns regarding the cyber crimes with Chinese officials, including the military, and will continue to do so in the future.

Without naming the victims, the report said 115 companies were located in the US, two in Canada, five in the UK, with the remaining 19 from France, Norway, Belgium, Luxembourg, Israel, Switzerland, South Africa, Singapore, Taiwan and Japan.

Image: Cybersecurity methods can be breached if proper security procedures are not followed. Photo: US Army photo by Spc Loren Cook.

Defence Technology