The American computer-security firm Mandiant has pushed a big pin into the world map of cyber threats—and that pin bears the address of a twelve-story white office building in Shanghai on Datong Lu (“Great Harmony Road.”) Buried amid restaurants and shops and massage parlors, the building turns out to be the headquarters of People’s Liberation Army Unit 61398, and, as the Times puts it, an “overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.”

After years of warnings that Chinese hacking was a rising threat, the Mandiant study, and the willingness of U.S. officials to confirm many of its findings, signal a blunt new American counteroffensive against the era of Chinese cyber attacks. If 2012 was the year that unearthed unprecedented detail about corruption in reform-era China, 2013 may be turning the spotlight on the P.L.A.’s rapidly rising ambitions and capabilities.

I am usually wary of reports by security firms that, no surprise, identify reasons to hire security firms. But in this case, the Mandiant report, and a related Times investigation, are part of a broader context. They come days after a new Bloomberg Businessweek piece highlighted how American security consultants have pinpointed the name and identity of a Chinese hacker who, one guesses, was not pleased to discover that his vacation photos were now in an American business magazine. (I have written about previous hacking news from China.) On Tuesday, the Obama Administration reportedly plans to unveil a more aggressive campaign against Chinese hacking groups, a threat that a U.S. defense official compared to “nuclear command centers around Moscow.”

A few takeaways and questions from the raft of new information about Chinese hacking:

• Mandiant and the Times stop short of saying Unit 61398 was directly in charge; “the firm was not able to place the hackers inside the twelve-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.” Caveats aside, the accumulated evidence should retire the old notion that China’s most sophisticated hackers are just patriots freelancing from their parents’ basements.

• This is no longer a business issue. For years, victimized American companies preferred to keep quiet, lest they expose their vulnerabilities. But now the government is less comfortable with that silence because the hackers are targeting firms responsible for the American power grid, water supply, and other pieces of critical infrastructure. In one case, “one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.”

• The official Chinese reaction to the report is unchanged: China is a victim of cyber attacks as well, so don’t point the finger at Beijing. In other areas of disagreement, China has occasionally chosen to reply in kind. Every spring it produces an annual report on human rights conditions in the United States, as a response to American criticism of Chinese human-rights conditions. So, will China begin to report on its own experiences of being hacked? Will it pinpoint a twelve-story building outside of, say, D.C. or San Francisco, that has been the source of digital incursions? Don’t count on those revelations anytime soon, but it’s an intriguing prospect.

The fact is that the United States government has already shown signs of an energetic capacity for cyber war, as in the case of Stuxnet, the software worm that the U.S., working with Israel, is believed to have used to disrupt Iran’s uranium-enrichment program. Coincidentally, I happened to ask some North Korea experts last week if Pyongyang’s latest round of nuclear tests might make it a prime target for a Stuxnet-style intervention. “The only time I heard anything along such lines recently was suspicion that the April launch failure may have resulted from cyber attack—but that was in the realm of conspiracy theory,” John Delury, of Yonsei University, in Seoul, told me.

As long as it’s in the realm of the theoretical, here’s another twist: given China’s vocal frustration with its erstwhile allies in Pyongyang, and China’s fondness for cyber adventures, any chance that China might try a Stuxnet approach to slow down a headache on its northeast border? From what I gathered, the chances were slim, in part because of operational differences between Iran and North Korea. “Do the Chinese know which industrial-control systems are in place?” Adam Segal, of the Council on Foreign Relations, asked. “Could they deliver the malware to a system that is most likely ‘air gapped’ and not connected to the Internet? Could they be sure that the infection wouldn’t spread—back to China or to U.S. or others? Do D.P.R.K. nuclear scientists travel? Is it possible to leave thumb drives around with no one noticing?”

All good questions, and all for another day. This morning has produced more than enough to keep cyber-warriors busy on both sides of the Pacific.

Photograph by Peter Parks/Getty.