Report Says China Linked to Cyber-Attacks On Organizations in U.S., Other Countries

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

A Feb. 19 report from computer security firm Mandiant Corp. asserts that the Chinese government is involved in a major cyber-espionage campaign to steal sensitive data from organizations in the United States and other countries.

The report from Alexandria, Va.-based Mandiant said that since at least 2006 a hacking group in China has stolen hundreds of terabytes of data from as many as 141 organizations. According to the report, the hacking group used internet protocol addresses registered in Shanghai and appears to be linked to a Chinese military unit.

China's Ministry of Foreign Affairs Feb. 19 posted a statement that the Chinese government opposes cyber-attacks and that speculation and accusations will not help to solve the problem.

White House Cites Continuing Dialogue

Without commenting on the specific details in the report, White House spokeswoman Caitlin Hayden told BNA Feb. 19 that the Obama administration has repeatedly raised cybertheft concerns with senior Chinese officials, including in the military, and will continue to do so.

“The United States and China are among the world's largest cyber actors and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace,” she said.

The Mandiant report comes as the Obama administration is moving ahead with a plan to bolster U.S. cyberdefenses through an executive order (12 PVLR 257, 2/18/13) and key members of Congress are pushing for quick legislative action on the issue.

Legislation Pending

Stewart Baker, a partner in the Washington office of Steptoe & Johnson LLP, told BNA Feb. 19 the Mandiant report is likely to provide increased impetus for legislative action.

The report “clearly demonstrates the need to pass cybersecurity legislation as soon as possible,” Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Select Committee on Intelligence, said in a Feb. 19 statement.

House Intelligence Committee Chairman Mike Rogers (R-Mich.) said in a Feb. 19 statement that the report provides vital insights into the Chinese government's economic cyber-espionage campaign against U.S. companies.

Rogers and Ranking Member C. A. “Dutch” Ruppersberger (D-Md.) Feb. 13 reintroduced a cybersecurity bill (H.R. 624) that seeks to improve cyberthreat information-sharing in the United States between the government and private sector (12 PVLR 273, 2/18/13). Among other provisions the bill would provide liability protection to firms that share information with the government.

Mandiant is the same firm that South Carolina officials recently contracted to conduct an independent review analyzing a massive hacking attack on the state Department of Revenue's taxpayer database (11 PVLR 1730, 12/3/12).

By Alexei Alexis with additional reporting by Michael Standaert (Shenzhen, China)  

The Mandiant report “Mandiant Intelligence Center Report APT1: Exposing One of China's Cyber Espionage Units,” and its appendix are available for download at


Request Bloomberg Law: Privacy & Data Security