infamous hacking group affiliated with China's military that was
exposed in February has quietly returned after laying low for several
months, said an expert with the consulting firm that outed it. Mandiant released a report that
pinned numerous cyber-intrusions on Unit 61398 of China's People's
Liberation Army. The unit, which is based in Shanghai, curtailed its
activities after the report's initial release, said Richard Bejtlich,
the firm's chief security officer, but it has recently begun to pick up
where it left off.
group itself went quiet for a while. They changed the nature of their
activities [and] they removed some of the tools they had been using
inside different companies. But over the course of the last several
weeks, it seems like they are starting to come back and ramp up," Bejtlich said May 15 at the Center for National Policy, a Washington, D.C.-based think tank.
Unit 61398 has been linked to the theft of huge amounts of intellectual
property throughout the world, according to the Mandiant report. It has
stolen hundreds of terabytes of data from at least 141 organizations,
with the majority of them based in English-speaking countries. It is
possible that the unit employs hundreds of operators, the report said.
Unit 61398, Mandiant is monitoring 23 other known hacker groups
throughout the world. While he could not say exactly how much data has
been stolen, he said it is enormous.
But the threat isn't just in
lost data, Bejtlich said. If a group can infiltrate a network to steal
data, it can also destroy that network.
"Whenever you hear
someone say, 'Don't worry, it's just espionage.' [It's important to
realize that] espionage easily can escalate to destruction. It's just
the prerogative of the intruder," said Bejtlich. Another issue
Bejtlich highlighted was the corruption of data, which he called a
"middle ground" between espionage and destruction.
"In some ways it's the toughest one to identify because most companies don't necessarily know what the data should be," he said.
cyber security bills were introduced into Congress during the 112th
session, but none came to fruition. Earlier this year, President Barack Obama announced an executive order
which asked in part for an expansion of the Defense Industrial Base
Information Sharing Program, which alerts the Defense Department to
attacks on participating companies' software. While Bejtlich
called on Congress to pass legislation, he also said solutions could be
found by countries working together. Better communication between
nations, and firmer regulations and rules could help alleviate some
cyber-attacks. Even a pact between just a handful of countries would be
beneficial if it could evolve beyond only talking, Bejtlich said.
think government-to-government discussions are necessary, but they will
not be sufficient. I think we will ultimately be disappointed if it's
simply a discussion," said Bejtlich. The United States, United
Kingdom, Canada, Australia, New Zealand and Israel are the top countries
in the world when it comes to cyberdefense, said Bejtlich. Japan and
South Korea are also beefing up their defensive capabilities in light of
more frequent attacks, he said.