Chinese cyber spies: Pwning U.S. businesses since 2006

What oversees 1 billion citizens, a cyber spy army, and hacks of Coca-Cola and Lockheed Martin? China's government, says Mandiant security

The New York Times issued another blockbuster report yesterday revealing just how thoroughly U.S. companies have been pwned by Chinese cyber spies over the last few years.

The Chinese government immediately took to Twitter, accusing the Times of publishing a "fake" account and having a bias against hackers of Chinese origin as well as $100,000 electric vehicles. (I'm kidding about that last bit.)

[ Cash in on your IT stories! Send your IT tales to If we publish it, we'll keep you anonymous and send you a $50 American Express gift cheque. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

The Times got an advance copy of a report by security firm Mandiant, which was hired by the paper last fall to trace Chinese hackers rollicking through the Times' own network. (Jeez, the lengths some people will go to just to get around a paywall.) Today Mandiant released a 60-page report (PDF) exposing one of the Chinese army's cyber spook networks, called Advanced Persistent Threat 1 (APT1), which has been pwning major U.S. corporations and government agencies since 2006.

Among APT1's known victims, per the Times, are RSA, Coca-Cola, Lockheed Martin, defense consultancy The Chertoff Group, and the National Electrical Manufacturers Association. The scariest part is that most of APT1's attacks over the last two years were directed against U.S. and Canadian water, utility, power, and pipeline companies.

Unlike in previous reports, Mandiant isn't saying the Chinese government may be behind these attacks -- Mandiant is saying China's fingerprints are all over it. Per the report:

Though our visibility of APT1's activities is incomplete, we have analyzed the group's intrusions against nearly 150 victims over seven years. From our unique vantage point responding to victims, we tracked APT1 back to four large networks in Shanghai, two of which are allocated directly to the Pudong New Area.... Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support.

1 2 Page 1
Page 1 of 2
How to choose a low-code development platform