For years, observers have accused the Chinese government of supporting cyber espionage efforts to steal sensitive and valuable information from all manner of organizations, both in the public and private sector. The nature of cyber espionage, however, has made it difficult to point to a smoking gun that proves the Chinese government's involvement once and for all.
Now IT security company Mandiant has released an extensive report titled "APT1: Exposing One of China's Cyber Espionage Units," in which the company argues that a cyber espionage outfit it calls APT1 is very likely a unit of the Chinese military, People's Liberation Army (PLA) Unit 61398. Though Mandiant acknowledges that its attribution isn't entirely conclusive, the company lays out a compelling case for government officials in the United States and abroad to take further action to determine whether China does, in fact, support a worldwide cyber espionage operation, one that, by the report's count, has compromised at least 141 organizations spanning 20 major industries in a sustained advanced persistent threat (APT) campaign.
The news should also be a wake-up call for IT professionals: APTs are a serious threat to their organizations' data and intellectual property, and it's time to get serious about upgrading defenses accordingly. Signature-based antivirus software and perimeter firewalls alone no longer cut it against a well-resourced adversary that, as the report documents, quietly maintains access to victim networks for months or years.
Following is a Q&A about what Mandiant found in its extensive study of APT1, including what APT1 does, who it targets, and why it's most likely connected with the Chinese government.
What is APT1?
APT1 is a cyber espionage organization based in China that has conducted APT campaigns against a broad range of victims across the globe since at least 2006. Mandiant observes that it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.
Is APT1 beyond a shadow of a doubt sponsored by the Chinese government?
Mandiant is careful not to say outright that APT1 is definitively controlled by the Chinese government. Rather, the report states that "our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support."
But the answer does appear to be yes, APT1 is a government organization, because Mandiant's only alternative scenario reads rather tongue-in-cheek: "A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise-scale computer espionage campaign right outside of Unit 61398's gates, performing tasks similar to Unit 61398's known mission."
At the very least, the Chinese government is an accomplice to APT1's activities in that it has turned a blind eye to them. The Chinese government is notorious for scrutinizing every bit of data that flows through the nation's "Great Firewall." It's tough to imagine Chinese officials simply haven't noticed years of intrusion after intrusion against organizations worldwide, launched from telecommunications infrastructure inside the country.