A Feb. 19 report from computer
security firm Mandiant Corp. asserts that the Chinese government is involved in
a major cyber-espionage campaign to steal sensitive data from organizations in
the United States and other countries.
The report from Alexandria, Va.-based Mandiant said that since at least 2006
a hacking group in China has stolen hundreds of terabytes of data from as many
as 141 organizations. According to the report, the hacking group used internet
protocol addresses registered in Shanghai and appears to be linked to a Chinese
China's Ministry of Foreign Affairs Feb. 19 posted a statement that the
Chinese government opposes cyber-attacks and that speculation and accusations
will not help to solve the problem.
Without commenting on the specific details in the report, White House
spokeswoman Caitlin Hayden told BNA Feb. 19 that the Obama administration has
repeatedly raised cybertheft concerns with senior Chinese officials, including
in the military, and will continue to do so.
“The United States and China are among the world's largest cyber actors and
it is vital that we continue a sustained, meaningful dialogue and work together
to develop an understanding of acceptable behavior in cyberspace,” she said.
The Mandiant report comes as the Obama administration is moving ahead with a
plan to bolster U.S. cyberdefenses through an executive order (12 PVLR 257,
2/18/13) and key members of Congress are pushing for quick legislative action on
Stewart Baker, a partner in the Washington office of Steptoe & Johnson
LLP, told BNA Feb. 19 the Mandiant report is likely to provide increased impetus
for legislative action.
The report “clearly demonstrates the need to pass cybersecurity legislation
as soon as possible,” Sen. Dianne Feinstein (D-Calif.), chairman of the Senate
Select Committee on Intelligence, said in a Feb. 19 statement.
House Intelligence Committee Chairman Mike Rogers (R-Mich.) said in a Feb. 19
statement that the report provides vital insights into the Chinese government's
economic cyber-espionage campaign against U.S. companies.
Rogers and Ranking Member C. A. “Dutch” Ruppersberger (D-Md.) Feb. 13
reintroduced a cybersecurity bill (H.R. 624) that seeks to
improve cyberthreat information-sharing in the United States between the
government and private sector (12 PVLR 273, 2/18/13). Among other provisions the
bill would provide liability protection to firms that share information with the
Mandiant is the same firm that South Carolina officials recently contracted
to conduct an independent review analyzing a massive hacking attack on the state
Department of Revenue's taxpayer database (11 PVLR 1730, 12/3/12).
By Alexei Alexis with additional
reporting by Michael Standaert (Shenzhen, China)
The Mandiant report “Mandiant Intelligence Center Report APT1: Exposing One
of China's Cyber Espionage Units,” and its appendix are available for download