Mandiant Exposes Chinese Hacking Unit

The now infamous Mandiant report exposing one of China’s Cyber Espionage Units certainly got a buzz going on the national media. It seemed to be everywhere.

As my friend Jody Westby pointed out in her excellent blog post yesterday, what Mandiant revealed did not come as news to anyone following the dismal trail of data breaches in the United States. China’s denial of state-sponsored hacking has been roundly refuted by one and all.

As Jody noted, “What is news in the Mandiant report is how they conducted their forensic investigation. Mandiant actually tracked the attackers’ communications back to a compromised “hop point” (middle man computer), obtained the cooperation of the compromised middle organization, and captured the keystrokes of the criminals as they were conducting their ‘work’.”

Mandiant and some of its client companies have been amassing evidence for several years, having watched this particular group of hackers, who work out of a building housing a People’s Liberation Army Unit on the outskirts of Shanghai. Mandiant observed and recorded (complete with screenshots) while it attacked companies in 20 industries since 2006.

Jody called the issuance of the report courageous and I couldn’t agree more. Mandiant fully expects reprisals from China. And indeed it should – it just painted a bulls-eye on its corporate forehead. For that – and the years of hard work that went into this report, Mandiant deserves our thanks.

You can download the report here.

 -Sharon Nelson

Sharon Nelson is speaking at ABA TECHSHOW 2013 on topics in security and digital forensics. Don’t miss this year’s Plenary Session with Sharon Nelson and John Simek, On the Trail of the Craigslist Killer: A Case Study in Digital Forensics.