Beijing says defence ministry and another site subjected to 1.7m attacks last year, two-thirds of which came from within America
Two Chinese military websites were subject to about 144,000 hacking attacks a month last year, almost two-thirds of which came from the US, China’s defence ministry has said.
Earlier this month the US security company, Mandiant, identified the Shanghai-based Unit 61398 of the Chinese army as the most likely culprits behind the hacking targeting the US, triggering a war of words between Washington and Beijing. China denied the allegations and said it was the victim.
Beijing has now provided some details for the first time of the alleged attacks from the US. “The defence ministry and China military online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years,” said a ministry spokesman, Geng Yansheng, on Thursday.
“According to the IP addresses, the websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the US accounted for 62.9%.”
“We hope that the US side can explain and clarify this,” he added.
Leaving the war of words between the great powers aside, are organisations actually prepared to secure their IT resources from hackers, whether cross-border attackers or their own employees, and to manage the risk?
Given the headlines and discussions in global media and IT security forums in recent weeks, you can hardly have missed the news that digital forensic investigation firm Mandiant has accused People’s Liberation Army (PLA) Unit 61398, a Chinese military cyber operations group, of launching persistent threat attacks against many businesses and government organisations since 2006.
The panic button has been pressed, with fingers pointed at Chinese hackers. Well, what next?
“If you know that the People’s Liberation Army is spying on you, do you change your defenses? How? Do you look for Chinese language intrusion prevention tools?” said Alan Paller, director of research for SANS, in a recent newsletter.
Then there is the Department of Revenue of South Carolina, which stored 3.3 million bank account numbers, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in unencrypted form. When the infamous data breach was detected, the blame was placed on unnamed Russian hackers. The state has now urged anyone who has filed a tax return in South Carolina since 1998 to contact law enforcement officials. Why did the South Carolina authorities not learn anything from the Utah and Texas breaches?
Very recently, we were all flooded with reports that tech giants Apple, Facebook, Twitter and Microsoft had all been compromised by attackers who gained access to a third-party iOS development website, then used it to infect visitors’ Mac OS X systems through drive-by malware attacks made possible by a zero-day vulnerability in Java. These companies responded cautiously to the attacks and still claim to maintain the best standards of security.
Seriously speaking, does it matter who attacked them?
Across the globe, IT has become critical to the survival of businesses. The important issue is whether you have an effective and up-to-date information security policy and practices document. Do you have and follow robust information security practices? Can your network be owned by anyone: a hacker, an ex-employee, an inside agent engaged in corporate espionage, a cross-border agency? Is your data safe, with strict need-to-access controls and logs that are reviewed meaningfully?
In essence, the question is a simple and straightforward one: are you able to protect your business in a cost-effective way? Or, even simpler, do you have an IT governance framework?
A report released yesterday by security firm Mandiant highlighted again how China’s programme of state-sponsored cybercrime, with its own dedicated military unit (Unit 61398), has stolen hundreds of terabytes of data from English-speaking companies. The groundbreaking report, released on Tuesday, cited highly detailed evidence to support the claim that the Chinese government, through Unit 61398 of the People’s Liberation Army, has been engaging in systematic attacks on American interests, as well as those of other English-speaking nations around the globe, over the course of the past six years. The report, which included domain names, IP addresses, SSL certificates and MD5 sums of malicious binaries, has already caused a major political stir, with the Obama administration set to impose trade penalties for cybertheft and the Chinese government denying any involvement.
Highlights of the report:
- APT1 is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.
- APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations.
- APT1 focuses on compromising organizations across a broad range of industries in English-speaking countries.
- APT1 maintains an extensive infrastructure of computer systems around the world.
- In over 97% of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language.
- The size of APT1’s infrastructure implies a large organization with at least dozens, but potentially hundreds of human operators.
- In an effort to underscore that there are actual individuals behind the keyboard, Mandiant is revealing three personas that are associated with APT1 activity.
- Mandiant is releasing more than 3,000 indicators to bolster defenses against APT1 operations.
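The practical value of a published indicator list (domain names, IP addresses, MD5 sums of binaries) lies in checking it against your own logs and file systems. The following is an added example, not code from the article or from Mandiant's report: it loads a set of indicators, sweeps constructed DNS/proxy log lines and a constructed file set, and reports matches. The indicator values, log lines and sample binary are all constructed placeholders (TEST-NET addresses and `.invalid` domains), not real APT1 indicators.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators (TEST-NET IPs, .invalid domains): they stand in
# for a published indicator list and are NOT the real APT1 indicators.
SAMPLE_BINARY = b"constructed sample content, not real malware"
INDICATORS = {
    "domain": {"update.example-c2.invalid", "news.example-c2.invalid"},
    "ip": {"203.0.113.45", "198.51.100.7"},
    "md5": {hashlib.md5(SAMPLE_BINARY).hexdigest()},
}

# Constructed log lines: timestamp, internal source host, record type, observed value.
SAMPLE_LOG = """\
2013-02-20T09:14:02Z 10.0.0.12 dns update.example-c2.invalid.
2013-02-20T09:14:03Z 10.0.0.12 http http://203.0.113.45/index.asp
2013-02-20T09:15:10Z 10.0.0.33 dns www.example.com
2013-02-20T09:16:44Z 10.0.0.40 http https://mail.news.example-c2.invalid/login
malformed line that should be skipped
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>dns|http)\s+(?P<value>\S+)$")


def normalize_domain(name):
    """Lower-case and strip the trailing dot DNS logs often carry."""
    return name.strip().lower().rstrip(".")


def domain_matches(observed, indicator_domains):
    """Return the matching indicator for an exact match or a subdomain of it
    (mail.c2.example matches c2.example), else None."""
    observed = normalize_domain(observed)
    for ind in indicator_domains:
        ind = normalize_domain(ind)
        if observed == ind or observed.endswith("." + ind):
            return ind
    return None


def extract_host(value):
    """Pull the host out of a URL; return a bare name or IP unchanged."""
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value


def scan_log(text, indicators):
    """Return (timestamp, source, indicator type, indicator) for every matching line."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate malformed lines rather than abort the whole sweep
        host = extract_host(m["value"])
        if host in indicators["ip"]:
            hits.append((m["ts"], m["src"], "ip", host))
        else:
            matched = domain_matches(host, indicators["domain"])
            if matched:
                hits.append((m["ts"], m["src"], "domain", matched))
    return hits


def scan_files(files, indicators):
    """files: mapping of path -> bytes (constructed here; read from disk in practice).
    Returns (path, md5) for every file whose digest is on the indicator list."""
    hits = []
    for path, data in files.items():
        digest = hashlib.md5(data).hexdigest()
        if digest in indicators["md5"]:
            hits.append((path, digest))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, INDICATORS):
        print("network hit:", hit)
    sample_files = {"/tmp/sample.bin": SAMPLE_BINARY, "/tmp/clean.txt": b"hello"}
    for hit in scan_files(sample_files, INDICATORS):
        print("file hit:", hit)
```

Two details matter in practice: domains are matched on suffix so that a host under an indicator domain is still caught, and the trailing dot and case differences that DNS logs introduce are normalised before comparison. MD5 is used only because that is the digest type the report published; a hash match identifies a known binary but says nothing about variants, so a clean sweep is not a clean bill of health.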