The FBI on Wednesday issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies.
“These state-sponsored hackers are exceedingly stealthy and agile by comparison with the People’s Liberation Army Unit 61398 . . . whose activity was publicly disclosed and attributed by security researchers in February 2013,” said the FBI in its alert, which referred to a Chinese military hacker unit exposed in a widely publicized report by the security firm Mandiant.
Indeed, U.S. officials say privately, the activities of this group are just as significant as, if not more significant than, those of Unit 61398.
The U.S. government has publicly called on the Chinese government to halt its widespread cybertheft of corporate secrets, but Beijing has denied such activities. When the Justice Department in May announced the indictments of five PLA officials on charges of commercial cyberespionage, the Chinese government responded by pulling out of talks to resolve differences between the two nations over cyberspace issues.
The FBI’s alert, obtained by The Washington Post, coincided with the release of a preliminary report on the same hackers by a coalition of security firms, which have dubbed the group Axiom. “The Axiom threat group is a well-resourced and sophisticated cyber espionage group that has been operating unfettered for at least four years, and most likely more,” said the report, issued by Novetta Solutions, a Northern Virginia cybersecurity firm that heads the coalition.
The cyberspying campaign is in support of China’s strategic national interests, the report said. Specifically, Axiom targets organizations that have strategic financial and economic interest, influence energy and environmental policy and develop high-tech equipment such as microprocessors, the report said.
The group’s sophistication is demonstrated less in how it gains access to targets’ computers and more in how it moves “laterally” once inside the system, disguising its behavior to look normal so it goes undetected, said Peter B. LaMontagne, Novetta Solutions chief executive officer.
“It suggests a threat actor that is well-funded, organized, patient — all characteristics associated with a government organization,” he said.
The FBI and the industry coalition suggested that the group may be the same one that has been linked to other cyberespionage campaigns — including, notably, the coalition said, one that targeted Google in 2009 in what has come to be known as Operation Aurora.