China’s government and military appear to be directly involved in cyberattacks against the U.S., according to a report released Monday by the U.S. Department of Defense.
The conclusion, contained in an annual report evaluating China’s military capabilities, marked another pointed claim by the U.S. government amid rising tensions between the two nations over cyberspace.
The DOD said that last year “numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military. These intrusions were focused on exfiltrating information.”
The stolen information is useful to a range of Chinese entities, including its defense and technology industries, U.S. policy makers in China as well as military planners, the report said.
Cyberwarfare capabilities could be used to complicate efforts to respond during a military confrontation, including causing slow response times by constraining the communication and commercial activities of an adversary, the report said.
China has strongly denied that it is coordinating hacking campaigns, but computer security researchers—as well a major companies such as Google—have frequently pointed to the nation when describing intrusions.
The DOD report also said Russia and China were playing a “disruptive role” in international forums aimed at establishing confidence-building measures and transparency in cyberspace.
Both nations are also pushing an Information Security Code of Conduct, which would give governments sovereign authority over content and information on the internet. The proposal has been widely criticized.
The U.S. has argued that existing international humanitarian law should apply in cyberspace. China doesn’t agree, but “Beijing’s thinking continues to evolve,” the report said.
In March, U.S. President Barack Obama’s national security advisor Tom Donilon said U.S. businesses have serious concerns about “cyber intrusions emanating from China on an unprecedented scale.” He called on China to recognize the threat cyberattacks pose to the two countries’ relationship and trade.
In February, computer security vendor Mandiant released a comprehensive report that named a specific Chinese military unit called “61398” as conducting an extensive, seven-year hacking campaign that struck 141 organizations.
The hacking group, also called the “Comment Crew,” was extremely active in targeting U.S. companies and other organizations despite China’s claims that it does not permit state-sponsored hacking.