China military hackers persist despite being outed by U.S.: report
WASHINGTON (Reuters) - The disclosure early this year of a secretive Chinese military unit believed to be behind a series of hacking attacks has failed to halt the cyber intrusions, a U.S. computer security company and congressional advisory panel said on Wednesday.
A report by the cybersecurity company Mandiant in February identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely culprit in hacking attacks on a wide range of industries. China's Defense Ministry denied the accusations.
The U.S.-China Economic and Security Commission, a panel which advises the U.S. Congress on China policy, said Mandiant's revelations brought only a brief pause in cyber intrusions by that PLA unit.
"There are no indications the public exposure of Chinese cyber espionage in technical detail throughout 2013 has led China to change its attitude toward the use of cyber espionage to steal proprietary economic and trade information," the commission said in a draft of their annual report to Congress.
The draft report, made available to Reuters on Wednesday, said Mandiant's revelations "merely led Unit 61398 to make changes to its cyber 'tools and infrastructure' (to make) future intrusions harder to detect and attribute."
The commission's report, to be released in final form later this month, quoted Mandiant experts as saying the Chinese military hackers decreased their activities for about a month following the February publication of that report.
A Mandiant spokeswoman told Reuters that within a few weeks of the February report, the hacking levels from China had returned to about the same levels though the group was using some different tools.
"From what we can tell, they are still stealing the same type of data from the same industries," Mandiant spokeswoman Susan Helmick said on Wednesday.
"The focus appears to be the same but the methods and malware, they had to shift," Helmick said.
A spokesman for the Chinese embassy in Washington on Wednesday repeated China's response to the initial Mandiant report.
"Cyber attacks are transnational and anonymous," said spokesman Geng Shuang. "We don't know how the evidence is collected in this report."
Geng added: "China stands against cyber attacks and has done what it can to combat such activities in accordance with Chinese laws and regulations."
The February Mandiant report said PLA Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations.
It said the unit had stolen hundreds of terabytes of data from at least 141 organizations across a diverse set of industries - mostly in the United States, with smaller numbers in Canada and Britain.
The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.
A report in July issued by the Commission on the Theft of American Intellectual Property said theft of business and industrial secrets cost the U.S. economy some $300 billion a year and that China was responsible for most of it.
In June, President Barack Obama and his Chinese counterpart, Xi Jinping, agreed to launch a bilateral working group to discuss cybersecurity issues. The group has met twice since July.
The U.S.-China Economic and Security Commission said it was told by experts that former U.S. National Security Agency contractor Edward Snowden's revelations of NSA cyber-operations against targets in China and Hong Kong would set back efforts to address Chinese cyber attacks by six months to a year.
(Editing by Mohammad Zargham)