The report, by US security company Mandiant, says the attacks have been originating from a building owned by the People’s Liberation Army (PLA), Unit 61398, claims the Chinese Foreign Ministry dismissed as “groundless”. China’s Defence Ministry has also denied any involvement.
Mandiant claims the cyberattacks stole data from energy companies and military contractors, among others.
Though China has been accused of hacking in the past, the Mandiant report is the most detailed accusation of cyberspying to date. The report says the building in Shanghai could house “hundreds or thousands” of people with military-grade high-speed fibre-optic connections from the world’s largest telecoms carrier China Mobile.
“The nature of Unit 61398's work is considered by China to be a state secret; however, we believe it engages in harmful computer network operations," Mandiant said in the report. It said a typical attack would leave hidden software and silently steal data to a remote server elsewhere on the Internet.
“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” the report said.
A Chinese foreign ministry spokesman said: “Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable. Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue.”