A “large percentage” of cyber attacks on U.S. corporations and government agencies originate from a 12-story office tower on the outskirts of Shanghai that is connected with the People’s Liberation Army, according to an extensive report in The New York Times.
The newspaper cites a 60-page report by U.S. security firm Mandiant that traces the activities of a sophisticated Chinese hacking group – known in some circles as “Comment Crew” or “Shanghai Group” – to the headquarters of PLA Unit 61398. The report states that a body of digital forensic evidence led investigators to the doors of the building, but that they could not confirm that the hackers were inside the building.
However, Mandiant argues that there is no other realistic explanation for the large number of attacks coming from a small neighborhood of restaurants and massage parlors.
“Either they come from within Unit 61398,” Kevin Mandia, the founder and CEO of Mandiant, told the Times, “or the people who run the most controlled, most monitored Internet networks in the world have no idea of thousands of people generating attacks from this one neighborhood.”
As part of its report, Mandiant also released a very detailed video that it says shows real attacker sessions conducted by a group of hackers in China that Mandiant calls Advanced Persistent Threat Group 1, or APT1.
“Our analysis has led us to the conclusion that APT1 is probably sponsored by the government and is one of the most persistent of China’s cyber threat actors,” wrote Mandiant.
Chinese officials told the Times that their country would not engage in hacking.
The probe came after the newspaper revealed last month that it had been the victim of a four-month cyber attack in which hackers stole its employees’ passwords in an effort to obtain information on sources and contacts for a story on Chinese Premier Wen Jiabao. According to the Times, the methods these hackers used were similar to those of past attacks by the Chinese military.
The Wall Street Journal and the Washington Post also reported having been victims of similar hacks. The newspaper hired the company to investigate the hack, but found that Comment Crew was not responsible for the sophisticated hack.
Mandiant said it had been following Comment Crew for over six years and had traced its activities to IP addresses in the same neighborhood as the Unit 61398 building.
“It’s where more than 90 percent of the attacks that followed came from,” Mandia told the Times.
The report comes as the U.S. begins a more aggressive defense against suspected hackers in China. Under a highly anticipated executive order signed last week by President Obama, companies can share confidential information, such as hackers’ unique digital signatures, with intelligence agencies unsupervised.