Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

Headquarters building of PLA Unit 61398

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

Iranian Cyber Attacks Step Up

The Iranian government recently conducted a major cyber attack on a major U.S. financial institution that a military intelligence report said is a sign Tehran is waging covert war against the West.

The cyber attack was not successful but was one of several Iranian-backed electronic strikes detected in recent months that highlight the growing threat from Tehran, a major backer of international terrorism, according to a recent report by the Joint Staff intelligence directorate, known as J-2.

No other details were available on the previously undisclosed attempted Iranian financial cyber attack.

A Joint Staff spokesman declined to comment.

In the past, China and Russia were singled out as major nation-state cyber threats, using their militaries and intelligence services to conduct sophisticated cyber-espionage and preparation for future cyber sabotage in a conflict.

Now, Iran is emerging as a strategic threat to U.S. cyber systems that control critical infrastructure such as military systems, financial networks, communications, the electrical power grid, transportation networks, and other vital functions.

“They’re technically proficient, well-funded, and have placed a top priority on cyber defense and offense thanks in large part to the high number of sophisticated malware discovered on their oil and energy networks,” said Jeffrey Carr, a cyber warfare specialist.

Full article: Iranian Cyber Attacks Step Up (Washington Free Beacon)