Mandiant’s hacking report hit with virus

Consultancy firm plagued with compromised versions of ‘China cyber threat’ document

Tags: Mandiant Corp (
  • E-Mail
Mandiant’s hacking report hit with virus Mandiant claimed this 12-storey building in Shanghai served as the base for a Chinese military-led hacking group. (Getty Images)
By  Stephen McBride Published  February 24, 2013

Digital threat consultancy firm Mandiant Corp - author of the investigative report blaming Chinese military hackers for recent US cyber attacks - has itself been the victim of viruses as its own 74-page report was polluted with malware, Reuters reported on Friday.

As US officials continue to debate the implications of the report, the contents of which have been disavowed by the Chinese government, it has emerged that an unknown group tainted versions of the document and emailed them to several recipients.

Last Monday's report claimed that a Chinese hacking group known as APT1 was backed by the People's Liberation Army's Shanghai-based Unit 61398. Cyber research companies are not normally so specific in the identification of individuals involved in attacks.

Mandiant even claimed to have pinpointed the building, said to be in the Pudong financial district of Shanghai, from which 61398 had appropriated "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006". 

Mandiant was founded in 2004 by Kevin Mandia, and claims to have worked with approximately 40% of Fortune 100 companies. It also claims that there is often a waiting list for its services.

"We tend not to take the small jobs. We take the big ones - the ones you would love to read about in the paper, but we keep them out of the paper," said Mandiant's chief security officer, Richard Bejtlich.

The company's leadership team includes former US armed services personnel and federal agents.

Responding to the compromised copies of its report the company said on its blog that its internal systems had not been breached.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code