WASHINGTON Nov 6 The disclosure early this year
of a secretive Chinese military unit believed to be behind a
series of hacking attacks has failed to halt the cyber
intrusions, a U.S. computer security company and congressional
advisory panel said on Wednesday.
A report by the cybersecurity company Mandiant in February
identified the People's Liberation Army's Shanghai-based Unit
61398 as the most likely culprit in hacking attacks on a wide
range of industries. China's Defense Ministry denied the
The U.S.-China Economic and Security Commission, a panel
which advises the U.S. Congress on China policy, said Mandiant's
revelations brought only a brief pause in cyber intrusions by
that PLA unit.
"There are no indications the public exposure of Chinese
cyber espionage in technical detail throughout 2013 has led
China to change its attitude toward the use of cyber espionage
to steal proprietary economic and trade information," the
commission said in a draft of their annual report to Congress.
The draft report, made available to Reuters on Wednesday,
said Mandiant's revelations "merely led Unit 61398 to make
changes to its cyber 'tools and infrastructure' (to make) future
intrusions harder to detect and attribute."
The commission's report, to be released in final form later
this month, quoted Mandiant experts as saying the Chinese
military hackers decreased their activities for about a month
following the February publication of that report.
A Mandiant spokeswoman told Reuters that within a few weeks
of the February report, the hacking levels from China had
returned to about the same levels though the group was using
some different tools.
"From what we can tell, they are still stealing the same
type of data from the same industries," Mandiant spokeswoman
Susan Helmick said on Wednesday.
"The focus appears to be the same but the methods and
malware, they had to shift," Helmick said.
A spokesman for the Chinese embassy in Washington on
Wednesday repeated China's response to the initial Mandiant
"Cyber attacks are transnational and anonymous," said
spokesman Geng Shuang. "We don't know how the evidence is
collected in this report."
Geng added: "China stands against cyber attacks and has done
what it can to combat such activities in accordance with Chinese
laws and regulations."
The February Mandiant report said PLA Unit 61398 is located
in Shanghai's Pudong district, China's financial and banking
hub, and is staffed by perhaps thousands of people proficient in
English as well as computer programming and network operations.
It said the unit had stolen hundreds of terabytes of data
from at least 141 organizations across a diverse set of
industries - mostly in the United States, with smaller numbers
in Canada and Britain.
The information stolen ranged from details on mergers and
acquisitions to the emails of senior employees, the company
A report in July issued by the Commission on the Theft of
American Intellectual Property said theft of business and
industrial secrets cost the U.S. economy some $300 billion a
year and that China was responsible for most of it.
In June, President Barack Obama and his Chinese counterpart,
Xi Jinping, agreed to launch a bilateral working group to
discuss cybersecurity issues. The group has met twice since
The U.S.-China Economic and Security Commission said it was
told by experts that former U.S. National Security Agency
contractor Edward Snowden's revelations of NSA cyber-operations
against targets in China and Hong Kong would set back efforts to
address Chinese cyber attacks by six months to a year.
(Editing by Mohammad Zargham)