HONG KONG (CNNMoney) — An American cybersecurity firm has linked one of the world’s most prolific groups of computer hackers to the Chinese government, saying in a new report that an extensive cyber-espionage campaign is being waged from a location near Shanghai.
The security firm, Mandiant, detailed the allegations in a 60-page report published Tuesday that describes the group’s tactics over a six-year period.
The Virginia-based Mandiant, which helps companies detect and respond to cyber threats, said it has observed the group of hackers — called the “comment crew” — systematically steal hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006.
Mandiant claims the activity can be traced to four networks near Shanghai — with some operations taking place in a location that is also the headquarters of Unit 61398, a secret division of China’s military.
“The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organization behind [the group],” Mandiant said. “We believe the totality of the evidence we provide in this document bolsters the claim that [the group] is Unit 61398.”
Chinese foreign ministry spokesman Hong Lei dismissed the hacking charges on Tuesday, insisting that China was the victim of many cyberattacks — most originating in the United States.
“Making baseless accusations based on premature analysis is irresponsible and unprofessional,” he said. “China resolutely opposes any form of hacking activities.”
Last month, the Chinese defense ministry said the country’s military “has never supported any hacker activities.”
The latest accusation against Beijing comes amid concerns about the breadth and depth of cyberattacks originating in China. Recently, several leading U.S. news organizations reported their computer systems had been attacked by China-based hackers.
Mandiant estimates that hundreds, and perhaps thousands, of people work within Unit 61398, which is housed in a 12-story, 130,663 square-foot facility.
Organizations in English-speaking countries are the primary victims of the comment crew — making up 87% of the 141 attacks observed by Mandiant. One hundred and fifteen attacks targeted organizations in the United States.
The hackers have a “well-defined attack methodology,” and Mandiant said the group has stolen large volumes of intellectual property, including technology blueprints, proprietary manufacturing processes and business plans.
The report did not list companies or agencies that have been attacked.
Mandiant was able to pinpoint the identities of three individuals working with the group. The report identifies the hackers who use the monikers “Ugly Gorilla,” “dota” and “SuperHard.” It tracks their activities in an unusually detailed manner, including information on their e-mail accounts, cell phones and hacking techniques.
Government and intelligence officials in the United States are increasingly concerned about the threats posed by cybercrime, especially from government actors.
Outgoing Defense Secretary Leon Panetta said last year that a cyberattack could be crippling, citing risks to the power grid, Wall Street and the financial system.
“We are literally getting hundreds of thousands of attacks every day that try to exploit information in various agencies and departments and frankly throughout this country,” Panetta said.
Earlier this month, President Obama signed an executive order designed to address the country’s most basic cybersecurity needs — and highlighted the effort in his State of the Union address.
The order will make it easier for private companies in control of the nation’s critical infrastructure to share information about cyberattacks with the government. The order also directs the government to work with the private sector on standards that will help protect companies from cybercrime.
In recent weeks, The New York Times, Washington Post and Wall Street Journal have disclosed that their computer networks had been targeted by hackers in China.
The New York Times, which hired Mandiant to help mitigate the threat, reported Tuesday that the comment crew was not the source of the attack on its network.
Of course, China is not the only country thought to be involved in cyberattacks. The existence of several other state-sponsored cyberweapons has been reported in recent years, with names like Stuxnet, Duqu and Flame. The U.S. government is widely believed to have played a role in developing some of those viruses, with an eye toward containing Iran.