BEIJING/SAN FRANCISCO (Reuters) - A secretive Chinese military unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.

Motorcyclists ride past 'Unit 61398', a secretive Chinese military unit, in the outskirts of Shanghai February 19, 2013. REUTERS/Carlos Barria

The company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.

"The nature of 'Unit 61398's' work is considered by China to be a state secret; however, we believe it engages in harmful 'Computer Network Operations'," Mandiant said in a report released in the United States on Monday.

"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," it said.

The Chinese Foreign Ministry said the government firmly opposed hacking, adding that it doubted the evidence provided in the report.

"Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable," spokesman Hong Lei told a daily news briefing.

"Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue."

Hong cited a Chinese study which pointed to the United States as being behind hacking in China.

"Of the above mentioned Internet hacking attacks, attacks originating from the United States rank first."

China's Defence Ministry did not immediately respond to faxed questions about the report.

Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report.

The unit had stolen "hundreds of terabytes of data from at least 141 organisations across a diverse set of industries beginning as early as 2006", it said.

Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.

"ECONOMIC CYBER ESPIONAGE"

Some experts said they doubted Chinese government denials.

"The PLA plays a key role in China's multi-faceted security strategy, so it makes sense that its resources would be used to facilitate economic cyber espionage that helps the Chinese economy," said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, one of Mandiant's competitors.

Though privately held and little known to the general public, Mandiant is one of a handful of U.S. cyber-security companies that specialise in attempting to detect, prevent and trace the most advanced hacking attacks, instead of the garden-variety viruses and criminal intrusions that befoul corporate networks on a daily basis.

But Mandiant does not promote its analysis in public and only rarely issues topical papers about changes in techniques or behaviours.

It has never before given the apparent proper names of suspected hackers or directly tied them to a military branch of the Chinese government, giving the new report special resonance.

The company published details of the attack programmes and dummy websites used to infiltrate U.S. companies, typically via deceptive emails.

U.S. officials have complained in the past to China about sanctioned trade-secret theft, but have had a limited public record to point to.

Mandiant said it knew the PLA would shift tactics and programmes in response to its report but concluded that the disclosure was worth it because of the scale of the harm and the ability of China to issue denials in the past and duck accountability.

The company traced Unit 61398's presence on the Internet - including registration data for a question-and-answer session with a Chinese professor and numeric Internet addresses within a block assigned to the PLA unit - and concluded that it was a major contributor to operations against the U.S. companies.

Members of Congress and intelligence authorities in the United States have publicised the same general conclusions: that economic espionage is an official mission of the PLA and other elements of the Chinese government, and that hacking is a primary method.

In November 2011, the U.S. National Counterintelligence Executive publicly decried China in particular as the biggest known thief of U.S. trade secrets.

The Mandiant report comes a week after U.S. President Barack Obama issued a long-awaited executive order aimed at getting the private owners of power plants and other critical infrastructure to share data on attacks with officials and to begin to follow consensus best practices on security.

Both U.S. Democrats and Republicans have said more powerful legislation is needed, citing Chinese penetration not just of the largest companies but of operations essential to a functioning country, including those comprising the electric grid.

(Additional reporting by Michael Martina in BEIJING and Jim Finkle in BOSTON; Editing by Robert Birsel)

• Alliance full year profit up 7% to RM538mil
• Bumi Armada's earnings up 22% to RM109.67mil, order book RM12.2b
• Dayang bags RM2bil contract from Shell
• CIMB earnings up 37.1% to RM1.386b in Q1, 2013
• MMHE Q1 earnings down 35% to RM50.59m
• KLCI closes a shade below record high
• AmIncome Flexi bond fund to attract RM200m investments
• EPF invests additional US$1.3b overseas
• MIDA: Investments up 44% on-year to RM49.3b in Q1
• Prague metro plans to launch love train for singles
• iGate sacks chief executive Murthy after sexual harassment probe
• Eversendai Q1 earnings slip 13.1% to RM23.68m on timing differences
• US asks judge to deny S&P's motion to dismiss fraud lawsuit
• Perdana Petroleum bidding for over RM1b contracts
• IOI Corp Q3 earnings up just 2.8% to RM567.8m (Update)

• 6.0 quake off Russia's far-east Kamchatka coastline: USGS
• Death toll rises to 21 in Indonesian mine collapse
• Dozens dead as tornado hits Oklahoma City (Updated)
• No new H7N9 cases in China for a week: government
• Villagers discover ancient ball game statue in Mexico
• British PM survives gay marriage vote
• Kerry to help ink $2.1 bn defense accord with Oman
• Yahoo unveils makeover of flickr site

• China crush arch rivals Indonesia
• Former Asian phenom takes slow route to success
• Plenty for Hafizh as 55 is significant in his early racing career
• Yi Ting on a mission
• Razif: Indiscipline the cause of senior players’ poor performances
• Cool V Shem believes he will be too hot for rivals to handle
• Spirited Malaysian team vow to deliver against Germans
• Japan hope to reach their first semis in tourney
• KLHC to rule the roost if other teams don’t raise their game
• Malaysia have their work cut out in the World League
• Gobi’s fate to be decided by MHC’s administrative committee
• Andre nails it with last jump
• Grace hammers home a point with two golds
• Delia one step away from main draw after easy win
• Sharon believes KPT circuit is excellent for squash’s future

• Please wait.

• Rape accused defends marriage to 13-year-old, says it was mutual
• Malindo set to operate from Subang Skypark
• Coconut yogurt anyone?
• MAS flew baby home with doctor's certification, says CEO Ahmad Jauhari
• Sarawak ministers, assemblymen get three-fold pay hike
• The best ways to national unity
• Plaza Rakyat may be revived
• ‘Boycott will be self-defeating’
• Court postpones return of Genneva directors’ assets
• Not taken for a good ride and not ungrateful