Prolific cyber espionage group tied to the Chinese military

US security firm says a secretive branch of China's military in Shanghai is probably one of the world's 'most prolific cyber espionage groups'

A US cyber security firm says a secretive branch of China's military based in Shanghai is probably one of the world's "most prolific cyber espionage groups".  

According to Mandiant, Unit 61398 has "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world, but mainly in the UK, US and Canada, said the Guardian.

Mandiant’s report is based on investigations into hundreds of data breaches since 2004, most of which it attributed to "Advanced Persistent Threat" actors, the most active being Unit 61398. 

The US said it had taken its concerns about cyber-theft to the highest levels of China's government, but it had denied hacking and questioned Mandiant's report, according to the BBC.

China’s foreign ministry said hacking attacks are transnational and anonymous, and it is extremely difficult to determine their origins.

Despite the denials, members of a BBC film crew were detained while filming the Shanghai site identified by Mandiant and they were released only after handing over the material they had recorded.

According to the Mandiant report, the unit is staffed by hundreds of proficient English speakers with advanced computer security and networking skills

The report claims the unit is able to steal from dozens of networks simultaneously, and has stolen hundreds of terabytes of information including blueprints, business plans and pricing documents.

Mandiant’s study showed that members of the unit were able to go undetected inside company networks for an average of 356 days and targeted industries identified by China as strategically important.

Concerns about such cyber activities were highlighted by US President Barack Obama in his State of the Union address.

The president signed a long-awaited executive order requiring federal agencies to share cyber threat information with private companies.

The order also requires the creation of a cyber security framework aimed at reducing risks to companies providing critical infrastructure.

The US is particularly concerned that cyber attackers will use their stealth capabilities to gain access to key parts of the national infrastructure such as gas lines, power grids and waterworks.

Obama warned during his recent State of the Union address that the nature of the cyber threat was changing.

The concern is that once attackers gain access to key networks, they could cause physical damage to the infrastructure that the computers control before any intrusion is detected.

Read more about critical infrastructure

Read more on Hackers and cybercrime prevention