Aerospace, Telecommunications Companies High on the List for Hackers
MIKE GRUSS, WASHINGTON
WASHINGTON — Aerospace and telecommunications companies, including satellite firms, have been frequent targets of a group of hackers believed to have Chinese military backing, according to a report by a top cybersecurity firm.
Mandiant of Alexandria, Va., investigated intrusions at more than 140 companies over seven years and found many of the security breaches matched characteristics of a prolific group they referred to as APT1, short for Advanced Persistent Threat.
“The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them,” the report, released Feb. 19, said.
As many as 82 percent of the targeted firms are U.S. based, the report, “Exposing One of China’s Cyber Espionage Units,” said.
A Chinese embassy spokesman denied the accusations.
Aerospace companies, at least 15 of which were hacked during the period, ranked second on the list of preferred targets, behind only information technology companies, Mandiant said. Telecommunications firms, a subset of which utilize or produce satellite-related technology, were fourth on the list, with more than 10 reported intrusions, according to the report.
“APT1 targeted numerous companies that provide fixed satellite services, radar and sensor technology, avionics research, and other satellite research,” Mandiant spokeswoman Susan Helmick wrote in an email to SpaceNews.
Bethesda, Md.-based Lockheed Martin Corp., the largest U.S. defense and space company, was among those whose computers have been breached.
“Lockheed Martin is a frequent target of cyber adversaries, including those identified in the Mandiant report,” Jennifer Allen, a company spokeswoman, wrote in an email. “We remain confident that our multi-layer, intelligence-driven cyber security systems protect from these cyber threats.”
A timeline included in the Mandiant study showed at least 11 security breaches in the aerospace industry dating back to 2009. That included four attacks in 2011 and three in 2012. It also mentioned another 11 breaches in the satellite and telecommunications industry during the 2011 to 2012 timeframe.
The report said it was difficult to determine how much information the group had stolen, but that generally the group had copied product development, manufacturing procedures, business plans and policy positions, among other documents.
Mandiant’s leaders felt confident they had tracked the cyberhackers executing the attacks to an area where a Chinese military team, labeled Unit 61398, is based.
“We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support,” the report read. “In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.”
U.S. Rep. Mike Rogers (R-Mich.) introduced a cybersecurity bill Feb. 13 to allow the federal government to share classified threat information with companies in order to help those businesses better protect themselves.
“The Mandiant report provides vital insights into the Chinese government’s economic cyber espionage campaign against American companies,” Rogers said in a statement. “It is crucial that the Administration begin bilateral discussions to ensure that Beijing understands that there are consequences for state sponsored economic espionage.”
Geng Shuang, a spokesman for the Chinese embassy here, said in a statement that Chinese laws prohibit cyberattacks and that criticism based on “rudimentary data is irresponsible, unprofessional and does not contribute to the resolution of the issue.
“Cyber attacks are transnational and anonymous. Determining their origins is extremely difficult,” he said. “We don’t know how the evidence in this so-called report can be tenable.”