Chinese Hackers Targeted U.S. Higher Education

The Shanghai-based Chinese hacker group dubbed "APT1" definitely targeted two higher education institutions in the United States, according to security firm Mandiant, which recently published the widely circulated report "APT1: Exposing One of China's Cyber Espionage Units."

The report, formally released Tuesday, revealed that 141 businesses, government agencies, and other organizations had been hacked by APT1, which may have stolen "hundreds of terabytes of data" in ongoing operations "beginning as early as 2006." The report alleges that APT1 is a group operating out of the Chinese military, specifically People's Liberation Army Unit 61398.

Mandiant informed Campus Technology that two of those organizations affected by APT1's activities were higher education institutions, including "one college and one scientific research institution connected to a U.S. university." The names of all of the affected organizations have been withheld owing to concerns over confidentiality, a spokesperson for Mandiant told us.

The specific purpose of the attacks isn't clear.

"We don't have direct evidence regarding why they targeted either organization," the spokesperson explained. "However, the research institution does projects for both government and private industry in several areas that match APT1's targeted industries, including high-tech networking, communications, and manufacturing technologies."

The Mandiant report itself details tactics and tools used by APT1 and reveals more than 3,000 APT1 "indicators" in an effort to "expose and degrade APT1's infrastructure and allow organizations to bolster their defenses against APT1's arsenal of digital weapons. The indicators ... include domain names, MD5 hashes of malware and X.509 encryption certificates."

The unique report also provides video showing operations conducted by APT1, such as the one below.


Mandiant video showing alleged APT1 hacker "dota" and others engaged in various hacking activities.

Since its publication, the Mandiant report has been condemned by the Chinese government as flawed and "irresponsible."

The report comes on the heels of the 2013 National Intelligence Estimate that was leaked to the Washington Post just days prior to President Obama's State of the Union address last week, in which the President used the intelligence data to support his administration's cyber espionage policy agenda. The latest NIE fingered China "as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain," according to the Post.

The NIE, produced by the members of the American intelligence community, is an annual report whose findings are occasionally declassified and made available to the public to support policy positions, such as the 2002 NIE, whose findings about weapons of mass destruction were used in part to help justify the invasion of Iraq.

Both the 2013 NIE and the Mandiant report are now being used by the Obama administration and Congress to support controversial measures that provide the federal government with additional mechanisms to circumvent online privacy in the name of cyber security, notably the Cyber Intelligence and Sharing Protection Act (CISPA). President Obama recently signed an executive order authorizing a number of provisions contained in the previously defeated CISPA legislation.

The original CISPA, introduced in 2011, passed the House last year before reaching the Senate, where public opposition and competing legislation caused the bill to lose steam. President Obama had originally pledged to veto CISPA over concerns about privacy.

Following the revelations in the 2013 NIE, CISPA has been reintroduced in the U.S. House of Representatives. Mandiant CEO and founder Kevin Mandia spoke at a Congressional hearing on CISPA earlier this month prior to the public release of the APT1 report and around the time of the reintroduction of CISPA in the House.

CISPA has been opposed by a number of groups with ties to education, such as the American Association of University Professors and the American Library Association, as well as individual university faculty members. CISPA supporters have fallen largely into the categories of telecommunications, banking, aerospace, security, technology manufacturers, and other large businesses with significant financial and regulatory ties to the federal government. Facebook was also a supporter of the original bill.

The complete report and appendices from Mandiant can be downloaded in PDF form from the security firm's site.

 
