Quick look: Did China’s army hack US companies?

Security firm Mandiant says that for past seven years a group inside China's People's Liberation Army hacked 141 companies.

China Mandiant

China’s military denies it but security firm Mandiant says that government has stolen tons of data from U.S. companies over the past seven years. Mandiant says that an infamous group inside China's People's Liberation Army known as "Unit 61398" compromised 141 companies spanning 20 major industries. Here’s a quick look at the group and recent events.

RELATED: 10 ways the Chinese Internet is different from yours 

Is EVERYTHING made in China?

china
Reuters

A Chinese People's Liberation Army soldier stands guard in front of 'Unit 61398', a secretive Chinese military unit, in the outskirts of Shanghai. The unit is believed to be behind a series of hacking attacks, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.

China
Reuters

According to the Wall Street Journal, China's Foreign Ministry spokesman Hong Lei, when asked if China believed that the U.S. government is behind the attacks, said "we can only say they originated in the U.S.," which he said was "entirely different from media reports that the Chinese government or the Chinese military are responsible" for the attacks detailed in the U.S. computer security firm's report. He cited research by a Chinese computer emergency response center affiliated China's Ministry of Industry and Information Technology.

A BBC reporter was detained while looking into the hacking story.

China
Reuters

A general view of Unit 61398 located in a 130,663 square-foot building on Datong Road in Gaoqiaozhen, in the Pudong New Area of Shanghai.

China
Reuters

Another shot of Unit 61398 which Mandiant says engages in Advanced Persistent Threat security activities.

China
Reuters

Unit 61398 is considered by China to be a state secret, but Mandiant said it uses tools that the security firm finds have not been used by other groups, including two tools for stealing emails called GETMAIL and MAPIGET. Once the group has established access, it periodically revisits the victim's network over several months or years to steal a variety of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from the leadership of the victim organizations, Mandiant said.

China
Reuters

A Chinese People's Liberation Army soldier stands guard in front of 'Unit 61398',

China
Reuters

Another interesting point from Mandiant: The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organization behind APT1. We believe the totality of the evidence we provide in this document bolsters the claim that APT1 is Unit 61398. However, we admit there is one other unlikely possibility: A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission.

China
Reuters

Mandiant was a also involved in the investigation around the recent breach investigation at The New York Times. In that incident hackers from China breached the computer network of The New York Times and stole passwords that allowed them to gain access to computers and email accounts. The initial intrusion happened sometime around Sept. 13 while the Times reporters were working on a story about the multibillion-dollar fortune accumulated by relatives of China's Prime Minister Wen Jiabao, the Times report said.