Since several major cyberattacks were traced to the Chinese military in February 2013, hackers in China’s People’s Liberation Army (PLA) have not only continued their attacks against the United States, but are attacking on an even larger scale and with greater frequency.
“Across numerous industries, we’ve increasingly observed the Chinese government conduct expansive intrusion campaigns to obtain information to support state-owned enterprises,” states a new report from security company Mandiant.
“This translates into data theft that goes far beyond the core intellectual property of a company, to include information about how these businesses work and how executives and key figures make decisions,” it states.
After stealing information on how a company works, the Chinese regime then feeds the information to its state-run companies, which can then use it to compete internationally. The data can be used either to boost operations, or to give them insider knowledge when negotiating deals.
The report notes that, while China’s state-run cyberattacks regularly make headlines around the world, there are many serious attacks that get little attention.
Chinese hackers stole data, including research and financial records, from journalists and high-level executives at a media organization unnamed by the report. The stolen data was related to news coverage on China.
Executives and managers at an unnamed energy company had their email accounts compromised and had data stolen by Chinese hackers. The stolen data included information on a joint venture with a unit of the Chinese government on a clean energy project.
The above attacks are just the tip of the iceberg. Aside from China’s operations to steal information on how to build U.S. military equipment, according to Mandiant, Chinese military hackers are robbing American businesses of nearly everything they can find. This includes negotiation plans, budget information, organizational charts, meeting minutes, and much more.
Mandiant was the company that originally traced cyberattacks to Unit 61398 of the PLA in 2013.
It states that after the PLA’s attacks were exposed, the attackers went dormant for a short while, then resumed their cyberattacks.
One group of China’s military hackers, APT12, went dormant for only five days before restarting its attacks, and resumed full-scale attacks close to 150 days later.
Another group of Chinese military hackers, APT1, went dormant for 41 days, excluding a seven-day Chinese holiday, before starting again. It resumed its full-scale attacks close to 160 days after being exposed.
The PLA’s continuation of the attacks, despite being caught, is not uncommon for China. The report states that in 40 percent of attacks, Chinese hackers returned even after being caught.
Mandiant also notes that it has been observing state-run Chinese cyberattacks since at least 2006, that victims detected the Chinese attacks only 33 percent of the time, and that the Chinese hackers spent an average of 243 days on a victim’s computer.