Cyber attacks on U.S. corporations, organizations and government agencies are largely coming from a 12-story tower in Shanghai that is home to a Chinese army unit, a U.S. computer security firm says in a study.
The New York Times reports Mandiant was not able to precisely place the hackers in the building, home to People's Liberation Army Unit 61398, but says there can be no other explanation for why so many attacks come from that area of the city.
Kevin Mandia, the founder and chief executive of Mandiant, told the Times the attacks either come from Unit 61398 or those in charge of China-based Internet networks do not know about how the attacks come from that neighborhood.
Mandia told the Times more than 90 percent of the 141 attacks the firm studied came from the same neighborhood as Unit 61398’s building and that area contained two Internet Protocol addresses used in the attacks.
Mandiant traced 3,000 addresses and other attack source indicators to the group it identified as Advanced Persistent Threat 1 and determined the evidence shows APT 1 is Unit 61398.