PLA Unit 61398

Coordinates: 31°20′57.43″N 121°34′24.74″E / 31.3492861°N 121.5735389°E / 31.3492861; 121.5735389
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 99.119.131.141 (talk) at 07:43, 2 April 2013 (Government of China). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

PLA Unit 61398 (Chinese: 61398部队) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be the source of Chinese computer hacking attacks.[2][3] Forensic evidence traces the base of operations to a 12-story building off Datong Road in a public, mixed-use area of Pudong in Shanghai.[2] The group is also known by various other names including "Comment Crew", "The Comment Group", "Advanced Persistent Threat 1" ("APT1"), "Shanghai Group" and "Byzantine Candor".[4][5][6]

It has been known to US intelligence agencies since 2002; they gave it the codename Byzantine Candor.[7]

A report by the computer security firm Mandiant stated that PLA Unit 61398 is believed to operate under the 2nd Bureau of the People's Liberation Army General Staff Department (GSD) Third Department (总参三部二局),[1] and that there is evidence that it contains, or is itself, an entity Mandiant calls APT1, part of the advanced persistent threat that has attacked a broad range of corporations and government entities around the world since at least 2006. APT1 is described as comprising four large networks in Shanghai, two of which serve the Pudong New Area. It is one of more than 20 APT groups with origins in China.[1][8] The Third and Fourth Departments, responsible for electronic warfare, are believed to comprise the PLA units mainly responsible for infiltrating and manipulating computer networks.[9]

The group often compromises internal software "comment" features on legitimate web pages to infiltrate target computers that access the sites.[10][11] Along with other groups such as the Elderwood Gang, the collective has, over the course of seven years, stolen trade secrets and other confidential information from numerous foreign businesses and organizations, including Lockheed Martin, Telvent, and other companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors.[4]

Dell SecureWorks says it believes the group includes the same attackers behind Operation Shady RAT, an extensive computer espionage campaign uncovered in 2011 in which more than 70 organizations, including the United Nations and government agencies in the United States, Canada, South Korea, Taiwan and Vietnam, were targeted over a five-year period.[2]

The attacks documented in the summer of 2011 represent a fragment of the Comment group's attacks, which go back at least to 2002, according to incident reports and investigators. FireEye, Inc. alone has tracked hundreds of targets in the last three years and estimates the group has attacked more than 1,000 organizations.[5]

Most activity between malware embedded in a compromised system and the malware's controllers takes place during business hours in Beijing's time zone, suggesting that the group is professionally hired, rather than private hackers inspired by patriotic passions.[9]
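The working-hours observation above is a timing analysis that a defender can reproduce from their own proxy or firewall logs: take the timestamps at which an implant checked in with its controller, convert them into each candidate operator time zone, and see which zone concentrates the check-ins inside a Monday-to-Friday working day. The following Python script is an added example and is not code from the article or from the Mandiant report; the beacon log lines, the log format, the `BEACON_LOG`, `parse_beacons` and `infer_operator_offset` names, and the set of candidate UTC offsets are all constructed for illustration.

```python
"""Infer a C2 operator's working time zone from beacon timestamps.

Added example (not from the Wikipedia article or the Mandiant report):
bucket the times at which a compromised host contacted its controller
by local hour in several candidate UTC offsets and report which offset
puts most of the activity inside a Mon-Fri, 09:00-18:00 working day.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: outbound check-ins from one host, timestamps in UTC.
# 2013-03-04 is a Monday; 2013-03-09 is a Saturday.
BEACON_LOG = """\
2013-03-04T01:15:02Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-04T03:40:19Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-04T07:05:44Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-05T02:22:08Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-05T06:58:31Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-06T01:03:57Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-06T08:47:12Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-07T04:30:00Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-08T02:11:46Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-08T09:59:03Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-09T03:20:15Z 10.0.0.5 -> 203.0.113.7:443 beacon
2013-03-07T16:45:30Z 10.0.0.5 -> 203.0.113.7:443 beacon
"""

# Candidate operator time zones (assumed set; fixed offsets, no DST handling).
CANDIDATE_OFFSETS = {
    "UTC-5 (US East)": -5,
    "UTC+0": 0,
    "UTC+3 (Moscow)": 3,
    "UTC+8 (Beijing)": 8,
    "UTC+9 (Tokyo)": 9,
}


def parse_beacons(text):
    """Return timezone-aware UTC datetimes for each non-empty log line."""
    times = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp = line.split()[0]  # first field is the ISO-8601 UTC timestamp
        t = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        times.append(t.replace(tzinfo=timezone.utc))
    return times


def to_local(t, offset_hours):
    """Shift a UTC datetime into a fixed-offset local time."""
    return t.astimezone(timezone(timedelta(hours=offset_hours)))


def is_business_hours(local, start=9, end=18):
    """True if the local time falls Mon-Fri within [start, end) o'clock."""
    return local.weekday() < 5 and start <= local.hour < end


def business_fraction(times, offset_hours):
    """Share of beacons that land in working hours for the given offset."""
    if not times:
        return 0.0
    hits = sum(is_business_hours(to_local(t, offset_hours)) for t in times)
    return hits / len(times)


def hour_histogram(times, offset_hours):
    """Beacon count per local hour of day; useful for eyeballing the shape."""
    return Counter(to_local(t, offset_hours).hour for t in times)


def infer_operator_offset(times, candidates=CANDIDATE_OFFSETS):
    """Return (label, working-hours fraction) for the best-fitting offset."""
    scored = {name: business_fraction(times, off) for name, off in candidates.items()}
    best = max(scored, key=scored.get)
    return best, scored[best]


if __name__ == "__main__":
    beacons = parse_beacons(BEACON_LOG)
    for name, off in CANDIDATE_OFFSETS.items():
        print(f"{name:18s} working-hours share = {business_fraction(beacons, off):.2f}")
    label, share = infer_operator_offset(beacons)
    print(f"best fit: {label} ({share:.2f}); hourly histogram: "
          f"{sorted(hour_histogram(beacons, CANDIDATE_OFFSETS[label]).items())}")
```

On the constructed sample, 10 of the 12 check-ins fall inside a Beijing working day, against 2 of 12 at UTC and 1 of 12 for US Eastern, so UTC+8 is the best fit. Treat this as one indicator among several rather than proof: beacon intervals are often scheduled or jittered by the implant itself, relays and compromised intermediaries can mask the operator's own hours, and a small sample like this one can be skewed by a single busy day.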

The government of China has consistently denied that it is involved in hacking. In response to the Mandiant report about unit 61398, a spokesperson for the Chinese foreign ministry said such allegations were "irresponsible and unprofessional."[12]

References

  1. ^ a b c "APT1: Exposing One of China's Cyber Espionage Units" (PDF). Mandiant. Retrieved 2013-02-19.
  2. ^ a b c David E. Sanger, David Barboza and Nicole Perlroth (18 February 2013). "Chinese Army Unit Is Seen as Tied to Hacking Against U.S." New York Times. Retrieved 19 February 2013.
  3. ^ "Chinese military unit behind 'prolific and sustained hacking'". The Guardian. 19 February 2013. Retrieved 2013-02-19.
  4. ^ a b Clayton, Mark (14 September 2012). "Stealing US business secrets: Experts ID two huge cyber 'gangs' in China". CSMonitor. Retrieved 24 February 2013.
  5. ^ a b Riley, Michael (26 July 2012). "Hackers Linked to China's Army Seen From EU to D.C." Bloomberg. Retrieved 24 February 2013.
  6. ^ Michael Riley; Dune Lawrence (August 2, 2012). "China's Comment Group Hacks Europe—and the World". Bloomberg Businessweek. Retrieved February 12, 2013.
  7. ^ David Perera, Chinese attacks 'Byzantine Candor' penetrated federal agencies, says leaked cable, Fierce Government IT, December 6, 2010
  8. ^ Joe Weisenthal and Geoffrey Ingersoll (Feb 18, 2013). "REPORT: An Overwhelming Number Of The Cyber-Attacks On America Are Coming From This Particular Army Building In China". Business Insider. Retrieved 2013-02-19.
  9. ^ a b Bodeen, Christopher (25 February 2013). "Sign That Chinese Hackers Have Become Professional: They Take Weekends Off". The Huffington Post. Retrieved 27 February 2013.
  10. ^ Martin, Adam (19 February 2013). "Meet 'Comment Crew,' China's Military-Linked Hackers". NYMag.com. New York Media. Retrieved 24 February 2013.
  11. ^ Dave Lee (February 12, 2013). "The Comment Group: The hackers hunting for clues about you". BBC News. Retrieved February 12, 2013.
  12. ^ "Hello, Unit 61398". The Economist. 19 February 2013. Retrieved 5 March 2013.