An elite military unit of Chinese hackers is likely behind a wave of attacks on U.S. government and business computer systems, according to a report released on Tuesday by the American security firm Mandiant.
Analysts traced a series of attacks to a 12-story building in the Pudong district of Shanghai. They concluded that the building, which likely holds hundreds or even thousands of employees, is almost certainly the headquarters of China's secretive cyber war division, the People's Liberation Army Unit 61398.
A state-owned telecommunications company provided special fiber optic cable to the building in the name of national defense, according to the 74-page report. The analysts said that the hackers, who are required to be proficient in English, likely have a sizable support staff of linguists, researchers and industry experts.
The analysts said the hackers periodically revisit the networks of victims over the course of several months or years to steal information such as blueprints, test results, business plans, pricing documents and emails.
"It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively," Dan McWhorter, Mandiant's managing director of threat intelligence, said in a statement explaining the firm's decision to release the information.
The Chinese government denied the allegations.
"Cyberattacks are anonymous and transnational, and it is hard to trace the origin of attacks, so I don't know how the findings of the report are credible," Chinese Foreign Ministry spokesman Hong Lei said at a press conference on Tuesday, according to The Wall Street Journal.
The report did not name any of the victims, but attacks on the U.S. Chamber of Commerce, Coca-Cola and major media companies including The New York Times and The Wall Street Journal have been tied to hackers in China.
The attack on the Times likely came from a different group, according to the paper.
House Intelligence Committee Chairman Mike Rogers (R-Mich.) has warned that the United States is losing a cyber war with China.
Rogers, along with committee ranking member Dutch Ruppersberger (D-Md.), introduced legislation last week that would allow companies and the government to share more information about cyber threats.
"American businesses are under siege. We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats," Rogers said in a statement when he introduced the Cyber Intelligence Sharing and Protection Act (CISPA).
But privacy advocates and many Democrats argue that CISPA would encourage companies to share their customers' sensitive personal information with spy agencies such as the National Security Agency (NSA). The House passed CISPA last year, but the Senate pursued its own legislation.
Democrats and the Obama administration are especially worried about the potential for hackers to disrupt critical infrastructure, such as an air traffic control system or banks.
Ahead of the State of the Union address last week, President Obama signed an executive order that will create a voluntary set of cybersecurity best practices for companies that operate critical infrastructure.
The order also requires federal agencies to share more information about cyber threats to U.S. companies and the public.
"The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information," White House spokeswoman Caitlin Hayden said on Tuesday.
Pointing to the executive order, Hayden said the U.S. government is taking an "active approach" to defending against cyberattacks.
"And we have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials, including in the military, and we will continue to do so," she said. "The United States and China are among the world’s largest cyber actors and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."
—This story was updated at 11:56 a.m.