The evidence is circumstantial and comes from several cases where US corporate networks have been infiltrated by hackers from China and data removed.
What the cases reveal is meticulous organization with the highest levels of technical sophistication – sophistication beyond the abilities of amateur hackers, experts say.
“These types of operational techniques are not characteristic of amateur hackers operating in widely dispersed geographic areas,” according to a recent study conducted for the US-China Economic and Security Review Commission.
In an analysis of one particular attack on a US company, the review commission stated: “Even if these were freelance operators not directly affiliated with a state or military organization, they had a professional quality, organization, and discipline."
Among the best documented accounts of a highly orchestrated and systematic cyberespionage attack came in March when Canadian researchers identified 1,295 computers in 103 countries infected by spyware and operated by a "GhostNet" or network of computers.
Unlike many viruses that infect randomly, the compromised computers of GhostNet belonged to high-value targets like embassies and nongovernmental organizations. Their common thread was the foreign policy concerns of China, the report found.
Many had a Tibet connection – including computer systems at the offices of the Dalai Lama and other Tibetan targets.