According to the New York Times, U.S.-based security research firm Mandiant claims it has traced the "overwhelming majority" of cyberattacks targeting American businesses to an innocuous 12-story office building located in Shanghai, China. The tower, American intelligence officials claim, is thought to be the headquarters of the People's Liberation Army, Unit #61398 -- the seat of many computer-based attacks launched by the Chinese military.
Mandiant's full 60-page report on the matter hasn't been released yet, but the New York Times was issued an advance copy for review.
"Either they are coming from inside Unit 61398," stated Kevin Mandia, the founder and CEO of Mandiant, "or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood."
If "Mandiant" sounds familiar, that's likely because it was recently hired by the New York Times. After noticing unusual network traffic, the news outlet turned to AT&T -- its ISP -- to pinpoint the issue. The telco confirmed suspicious network activity, but warned the Times that the observed traffic patterns were a close match to previously monitored cyberattacks thought to have been performed by the Chinese military. Forced to dive deeper into the issue, the New York Times hired Mandiant, which eventually determined that the Times had been infiltrated by suspected Chinese hackers.
In addition to Mandiant's own work, numerous other security firms have traced hackers to the same neighborhood where that fabled Shanghai office building resides. These hackers are typically identified as the "Comment Crew" or "Shanghai Group" and have been determined by U.S. intelligence officials to have direct ties to the People's Liberation Army, Unit #61398.
According to Mandiant's report, over 140 detected network intrusions since 2006 have been attributed to the Comment Crew -- the victims of which include the likes of RSA and Coca-Cola. The recent attacks launched against the New York Times, though, are believed to have been carried out by a different set of China-based attackers.
Dell's security arm, SecureWorks, reportedly believes the Comment Crew has been involved in "Operation Shady RAT" -- the massive, long-term series of cyberattacks we mentioned in 2011.