In February, the American cyber security company Mandiant released a report “exposing one of China’s cyber espionage units” (PDF here). A large chunk of it boils down to three findings: The attacks on US infrastructures originated in China, they were orchestrated by a large and resourceful group, and Mandiant has studied that group to the extent where they can tell individual members apart.
Finally the authors point out that the activities of this “Advanced Persistent Threat #1” (APT1) have been tracked to a certain location in Shanghai, which also happens to host the headquarters of a Chinese military unit (PLA Unit 61398) dealing with cyber security. So Mandiant claims to be able to trace breaches into private U.S. security systems back to a unit of the People’s Liberation Army.
Cyber security analyst Jeffrey Carr has pointed out that the report leaves a lot to be desired, and that some of the claims about linking APT-1 to the PLA Unit 61398 appear to be wrong. There’s no reason to suspect that Carr naively wants to protect China. His comments rather illustrate the difficulty of attributing cyber “attacks” or “espionage” to particular actors.
Yet establishing such a chain of evidence is the whole point of the Mandiant report and the reason it got so much attention!