Chinese military unit behind 'prolific and sustained hacking'

Security firm says Unit 61398 has stolen hundreds of terabytes of data from at least 141 organisations in US, UK and Canada

A secretive Chinese military unit is believed to be behind a prolific series of hacking attacks, a US computer security company has said, contradicting claims in Beijing that the government is not involved in such operations.

The report, by Mandiant, identified the People's Liberation Army's (PLA) Shanghai-based Unit 61398 as the most likely perpetrators of the hacking. The company said it believed the unit had carried out "sustained" attacks on a wide range of industries.

"The nature of Unit 61398's work is considered by China to be a state secret; however, we believe it engages in harmful computer network operations," Mandiant said. "It is time to acknowledge the threat that is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively."

China has dismissed the allegations as "groundless", saying it strictly outlaws the practice, and says it has also been a victim of such crimes.

Questioned on the report, the foreign ministry spokesman Hong Lei said he doubted the evidence would withstand scrutiny. He said: "To make groundless accusations based on some rough material is neither responsible nor professional."

Unit 61398 is based in the Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, the report said.

It said the unit had "stolen hundreds of terabytes of data from at least 141 organisations across a diverse set of industries beginning as early as 2006". Most of the victims were located in the US, with smaller numbers in Canada and Britain. The information stolen included details on mergers and acquisitions and the emails of senior employees, the report said.

China has consistently denied being involved in such activities, but experts have dismissed the denials. "The PLA plays a key role in China's multifaceted security strategy, so it makes sense that its resources would be used to facilitate economic cyber-espionage that helps the Chinese economy," said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, a web security firm.