DAVID E SANGER & NICOLE PERLROTH
Three months after hackers working for a cyberunit of Chinas Peoples Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies,they appear to have resumed their attacks using different techniques,according to computer industry security experts and American officials.
The Obama administration had bet that naming and shaming the groups,first in industry reports and then in the Pentagons own detailed survey of Chinese military capabilities,might prompt Chinas new leadership to crack down on the militarys highly organized team of hackers or at least urge them to become more subtle.
But Unit 61398,whose well-guarded 12-storey white headquarters on the edges of Shanghai became the symbol of Chinese cyberpower,is back in business,according to American officials and security companies.
It is not clear precisely who has been affected by the latest attacks. Mandiant,a private security company that helps companies and government agencies defend themselves from hackers,said the attacks had resumed but would not identify the targets,citing agreements with its clients. But it did say the victims were many of the same ones the unit had attacked before.
The hackers were behind scores of thefts of intellectual property and government documents over the past five years,according to a report by Mandiant in February that was confirmed by US officials. They have stolen product blueprints,manufacturing plans,clinical trial results,pricing documents,negotiation strategies and other proprietary information from more than 100 of Mandiants clients,predominantly in the United States.
According to security experts,the cyberunit was responsible for a 2009 attack on the Coca-Cola Company that coincided with its failed attempt to acquire the China Huiyuan Juice Group. In 2011,it attacked RSA,a maker of data security products used by US government agencies and defence contractors,and used the information it collected from that attack to break into the computer systems of Lockheed Martin,the aerospace contractor.
More recently,security experts said,the group took aim at companies with access to US power grid. Last September,it broke into the Canadian arm of Telvent,now Schneider Electric,which keeps detailed blueprints on more than half the oil and gas pipelines in North America.