Mandiant CEO and founder Kevin Mandia and Chief Security Officer Richard Bejtlich presented the report Tuesday to Sen. Kay Hagan, D-N.C., chair of the Armed Services Subcommittee on Emerging Threats and Capabilities.
The Mandiant report describes the workings and methods of “Advanced Persistent Threat 1,” a cyber-espionage unit believed to be part of the People’s Liberation Army.
Since 2006, Mandiant has been tracking the digital fingerprints left by APT1, and has observed the unit compromise 141 companies across 20 major industries. The largest data theft by APT1 amounted to 6.5 terabytes over 10 months — equivalent to more than 1.3 million digital images.
“The digital fingerprints of this intrusion group married up at 141 different victim companies,” Mandia said. “As we followed that technical thread, it brought us from computer to computer to a region in Shanghai.”
That region in the city, known as the Pudong New Area, is home to Unit 61398, a bureau of the People’s Liberation Army.
The Mandiant report concludes that Unit 61398 is APT1 — and thus a ring of government-sponsored cyber spies.
“We can say with confidence that they are Chinese units,” Bejtlich said. “We don’t know that they are necessarily military.”
“Would you say they’re government?” Fischer asked.
“I would say at least government-sanctioned,” Bejtlich replied.
Fischer wanted to know what happens to the information after it has been stolen, but neither Mandia nor Bejtlich knew. The amount of information is so great, however, that it would take an enormous amount of resources to make sense of it.
“It’s mind-boggling how many people it would take to go through terabytes and terabytes of information,” Mandia said. “In your whole life, you’re never going to read a terabyte of information.”
The Mandiant report is exposing the group, as well as individuals behind the keyboard, in the hope it will increase defenses against APT1. Mandia described his decision to release the report as giving APT1 the “Mike Tyson uppercut.” By releasing information, Mandiant may force the group to change its digital tactics, possibly giving data owners an upper hand.
“The nice thing about it as we take control of the game and start pushing the mouse in the other directions, we can start predicting what they’re going to do,” Mandia said. “And the minute we start predicting what their reactions will be, we’re starting to win at the game.”
Reach reporter Matt Nelson at [email protected] or 202-408-2735. SHFWire stories are free to any news organization that gives the reporter a byline and credits the SHFWire.