Researchers identify Chinese military hacker

Will Xi Jinping and President Obama discuss cybersecurity?

A group of cybersecurity researchers say they have unlocked a key into how China hacks foreign governments.

The hackers' techniques don't sound very sophisticated: They send innocent-looking emails to unsuspecting recipients, whose computers then get infected with malware that trawls for sensitive information.

Once the information is found, it is pinged to the Chinese military, according to the report by ThreatConnect and Defense Group Inc.

Cybersecurity is a major source of tension between China and the U.S. It's one of the key issues that President Obama and President Xi Jinping are expected to address this week during the Chinese leader's first U.S. state visit.

Beijing has long denied it is involved in hacking, and often claims to be a victim of similar attacks. Xi repeated the denial in a major speech this week in Seattle, but also said that China is ready to engage in a high-level dialogue with the U.S. about cybersecurity.

The ThreatConnect findings, which were first reported by the Wall Street Journal, shine a new light on the issue.

The research report links a military intelligence unit of the People's Liberation Army in Kunming, a city in southern China, to a hacker collective known as "Naikon."

The report says the group has been successful in hacking Southeast Asian governments and that the military unit is dedicated to that region.

It also profiles and ties Ge Xing, a member of the Chinese military, to that unit. Ge is thought to be the operator of a domain called "GreenSky27" from which "phishing" attacks originate.

Researchers reviewed social media data under the "GreenSky27" name -- thought to be Ge's accounts -- and found that his online activity strongly correlated with that of the domain operator. For example, the domain appears to be active during regular daily working hours from 9 a.m. to 6 p.m., with a lunch break, and inactive over holiday periods and vacation travel.
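As an added illustration (not code from the ThreatConnect report or this article), here is how an activity-timing comparison of that kind can be computed: each timeline is reduced to an hour-of-day profile and the two profiles are correlated. The timestamps are constructed and assumed to share one local timezone.

```python
"""Added example (not from the ThreatConnect report or CNN): compare the
hour-of-day rhythm of a domain's activity with that of an account's posts.
All timestamps are constructed and assumed to be in one local timezone."""
from collections import Counter
from datetime import datetime
import math

def _make(days, hours):
    """Constructed sample timestamps: one event per listed hour on each day."""
    return [f"2015-09-{d:02d}T{h:02d}:30:00" for d in days for h in hours]

# Constructed: a 9-to-6 workday rhythm with a lunch gap, a similar account
# rhythm shifted an hour later, and an unrelated night-time pattern.
DOMAIN_EVENTS = _make(range(14, 19), [9, 10, 11, 14, 15, 16, 17])
ACCOUNT_EVENTS = _make(range(14, 19), [9, 10, 11, 15, 16, 17, 18])
NIGHT_EVENTS = _make(range(14, 19), [1, 2, 3, 4, 22, 23])

def hourly_profile(timestamps):
    """Fraction of events falling in each hour of the day (24 buckets)."""
    counts = Counter(datetime.fromisoformat(t).hour for t in timestamps)
    total = sum(counts.values()) or 1
    return [counts.get(h, 0) / total for h in range(24)]

def pearson(a, b):
    """Pearson correlation of two equal-length profiles; 0.0 if one is flat."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return 0.0 if sa == 0 or sb == 0 else cov / (sa * sb)

def active_hours(profile, threshold=0.02):
    """Hours carrying at least `threshold` of the timeline's activity."""
    return [h for h, frac in enumerate(profile) if frac >= threshold]

def correlate(domain_ts, account_ts):
    """Score how closely two timelines share a daily rhythm."""
    pd, pa = hourly_profile(domain_ts), hourly_profile(account_ts)
    dh, ah = active_hours(pd), active_hours(pa)
    return {"r": round(pearson(pd, pa), 3),
            "shared_hours": sorted(set(dh) & set(ah)),
            "domain_only": sorted(set(dh) - set(ah)),
            "account_only": sorted(set(ah) - set(dh))}

if __name__ == "__main__":
    print(correlate(DOMAIN_EVENTS, ACCOUNT_EVENTS))  # r = 0.798, six shared hours
    print(correlate(DOMAIN_EVENTS, NIGHT_EVENTS))    # r < 0, no shared hours
```

A high score on hour-of-day alone is only one signal; the report's reasoning also leaned on holiday and travel gaps, which this profile does not capture.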

Ge's published academic papers and education indicate he is a specialist on Southeast Asia, while much of the unit's hacking activity appears to focus on infiltrating companies and governments in that region.

Ge's academic papers also include biographical information stating that he is a member of the Kunming military unit. Some of the social media accounts mentioned in the report, and other Internet evidence, now appear to have been deleted.

The ThreatConnect report is not the first to reveal the activities of China's military hackers. In 2013, American cybersecurity firm Mandiant linked one of the world's most prolific groups of computer hackers to the Chinese government, tracing them to a location near Shanghai that is also the headquarters of Unit 61398, a secret division of China's military.

More recently, a cyberattack -- in which U.S. officials named China as the primary suspect -- compromised a U.S. government network that contained sensitive information on federal employees, including a database of people with top-secret clearances. Information stolen included the fingerprints of 5.6 million government workers.

It's not yet clear if Xi and Obama will be able to come to an understanding. The patience of U.S. officials, however, appears to be wearing thin.

Susan Rice, the U.S. National Security Advisor, said Monday that China's state-sponsored hacking "must stop."

"This isn't a mild irritation," Rice said. "It puts enormous strain on our bilateral relationship, and it is a critical factor in determining the future trajectory of U.S.-China ties."
