Edward Wong / New York Times News Service
BEIJING — For almost two years, hackers based in Shanghai went after one foreign defense contractor after another, at least 20 in all. Their target, according to a U.S. cybersecurity company that monitored the attacks, was the technology behind the clear U.S. lead in military drones.
“I believe this is the largest campaign we’ve seen that has been focused on drone technology,” said Darien Kindlund, manager of threat intelligence at the California-based company, FireEye. “It seems to align pretty well with the focus of the Chinese government to build up their own drone technology capabilities.”
The hacking operation, conducted by a group called “Comment Crew” — which another cybersecurity company said has ties to the People’s Liberation Army — was one of the most recent signs of the ambitions of China’s drone development program. While Chinese Foreign Ministry officials have said China does not sanction hacking and is itself a victim, the government and military are still striving to put China at the forefront of drone manufacturing, for their own use and for export, and have made an all-out push to gather domestic and international technology to support the program.
Ian Easton, a military analyst at the Project 2049 Institute in Virginia, said cyberespionage was one tool in an extensive effort over years to purchase or develop drones domestically using all available technology, foreign and domestic.
Chinese engineers and officials have done reverse engineering, studied open source material and debriefed U.S. drone experts who attend conferences in China. “This can save them years of design work and mistakes,” Easton said.
For the Obama administration and U.S. business executives, no method of Chinese technology acquisition is more worrisome than cyberespionage. A U.S. official confirmed that drone technology had been stolen by hackers.
FireEye called the drone theft campaign Operation Beebus, traced to a command-and-control node at bee.businessconsults.net. Cybersecurity experts say that address and tools linked to it are associated with the “Comment Crew,” the Chinese hacker unit that Mandiant, another cybersecurity company, discussed in a report in February. Mandiant said the group was part of Unit 61398 of the People’s Liberation Army.