PLA Unit 61398

Coordinates: 31°20′57.43″N 121°34′24.74″E / 31.3492861°N 121.5735389°E / 31.3492861; 121.5735389
Source: Wikipedia, the free encyclopedia.

People's Liberation Army Unit 61398
61398部队
Electronic warfare
Part of People's Liberation Army
Garrison/HQ: Tonggang Road, Pudong, Shanghai
Nickname(s)
  • APT 1
  • Comment Crew
  • Comment Panda
  • GIF89a
  • Byzantine Candor
  • Group 3
  • Threat Group 8223

PLA Unit 61398 (also known as APT1, Comment Crew, Comment Panda, GIF89a, or Byzantine Candor;

computer hacking attacks.[2][3][4] The unit is stationed in Pudong, Shanghai,[5] and has been cited by US intelligence agencies since 2002.

History

From left, Chinese military officers Gu Chunhui, Huang Zhenyu, Sun Kailiang, Wang Dong, and Wen Xinyu indicted on cyber espionage charges.

A report by the

electronic warfare, are believed to comprise the PLA units mainly responsible for infiltrating and manipulating computer networks.[7]

2014 indictment

On 19 May 2014, the US Department of Justice announced that a federal grand jury had returned an indictment of five 61398 officers on charges of stealing confidential business information and intellectual property from U.S. commercial firms and of planting malware on their computers.[8][9] The five are Huang Zhenyu (黄振宇), Wen Xinyu (文新宇), Sun Kailiang (孙凯亮), Gu Chunhui (顾春晖), and Wang Dong (王东). Forensic evidence traces the base of operations to a 12-story building off Datong Road in a public, mixed-use area of Pudong in Shanghai.[2] The group is also known by various other names, including "Advanced Persistent Threat 1" ("APT1"), "the Comment group" and "Byzantine Candor", a codename used by US intelligence agencies since 2002.[10][11][12][13]

The group's signature technique is to hide command-and-control instructions inside the HTML comments of legitimate web pages it has compromised; malware on infected machines fetches those pages and reads the hidden instructions, which never appear in the rendered page and so go unnoticed by ordinary visitors and site owners. This is the origin of the names "the Comment Crew" and "Comment Group".[14][15] Over roughly seven years the collective stole trade secrets and other confidential information from numerous foreign businesses and organizations, including Lockheed Martin, Telvent, and companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors.[11]
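As an added illustration of the comment technique (example code of mine, not text from the article and not the group's tooling): the script below pulls every comment out of a constructed HTML page and flags any whose body is a well-formed base64 blob that decodes to printable text. The article says only that instructions were hidden in web-page comments; the command format, the base64 encoding, the hypothetical CMS banner and the whole sample page are assumptions made for this example.

```python
"""Finding tasking hidden in HTML comments (added example, not from the article
or from any real malware family). The command format, the base64 encoding and
the sample page are assumptions constructed for illustration."""
import base64
import binascii
import re
from html.parser import HTMLParser

# Constructed sample page: two ordinary comments and one carrying an encoded directive.
# The directive text and its encoding are my assumptions, not anything documented.
_HIDDEN = base64.b64encode(b"cmd:sleep 3600").decode("ascii")
SAMPLE_PAGE = f"""<!DOCTYPE html>
<html><head><title>Company News</title>
<!-- page generated by hypothetical CMS 2.1 -->
</head><body>
<!--[if lt IE 9]><script src="/js/html5shiv.js"></script><![endif]-->
<h1>Quarterly results</h1>
<p>Revenue grew 4% year over year.</p>
<!-- {_HIDDEN} -->
</body></html>"""

# A comment body that is one unbroken run of base64 alphabet, 16+ chars, optional padding.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


class CommentCollector(HTMLParser):
    """Collect the body of every HTML comment, in document order."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def extract_comments(html):
    """Return the stripped bodies of all comments in `html`."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return parser.comments


def decode_if_b64(text):
    """Return the decoded string if `text` is well-formed base64 that decodes to
    printable ASCII, otherwise None. Ordinary prose comments fail the regex
    (spaces, punctuation); random alphanumeric tokens usually fail decoding or
    produce non-printable bytes."""
    if not _B64_RE.match(text) or len(text) % 4:
        return None
    try:
        raw = base64.b64decode(text, validate=True)
    except (ValueError, binascii.Error):
        return None
    if not raw or not all(0x20 <= b < 0x7F or b in b"\t\r\n" for b in raw):
        return None
    return raw.decode("ascii")


def find_hidden_tasking(html):
    """Return (comment, decoded) pairs for comments that look like encoded directives."""
    hits = []
    for body in extract_comments(html):
        decoded = decode_if_b64(body)
        if decoded is not None:
            hits.append((body, decoded))
    return hits


if __name__ == "__main__":
    for body, decoded in find_hidden_tasking(SAMPLE_PAGE):
        print(f"suspicious comment {body!r} decodes to {decoded!r}")
```

The heuristic is deliberately narrow, so it will miss directives that are obfuscated with anything other than plain base64, and it can flag a long opaque build token that happens to decode cleanly; in practice it is a triage filter to run over pages fetched by a host under investigation, not a verdict on its own.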

Dell SecureWorks said it believed the group includes the same attackers behind Operation Shady RAT, an extensive computer espionage campaign uncovered in 2011 in which more than 70 organizations, including the United Nations and government agencies in the United States, Canada, South Korea, Taiwan and Vietnam, were targeted over a five-year period.[2]

The attacks documented in the summer of 2011 represent a fragment of the Comment group's attacks, which go back at least to 2002, according to incident reports and investigators. In 2012, FireEye, Inc. stated that it had tracked hundreds of targets over the preceding three years and estimated that the group had attacked more than 1,000 organizations.[12]

Most traffic between malware implanted on compromised systems and its controllers occurs during business hours in Beijing's time zone (UTC+8), which suggests a salaried, professionally organized workforce rather than private hackers acting out of patriotic zeal.[7]
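The working-hours argument above is a standard attribution heuristic, and it is easy to make concrete. The following is an added example of mine, not code from the article or from any vendor report: it takes constructed beacon timestamps (in UTC, as a proxy or DNS log would record them), shifts them into several candidate time zones, and measures what share fall inside a Monday-to-Friday 09:00-17:59 window. The zone offsets are fixed values I chose to match the sample's February 2013 dates (no daylight saving in London or New York at that time); real analysis should use zoneinfo so DST transitions are handled.

```python
"""Working-hours profile of C2 beacon timestamps (added example, not from the
article or any vendor report). Assumptions of mine: beacon times are ISO-8601
UTC strings from a proxy or DNS log; 'business hours' means Mon-Fri
09:00-17:59 local time; candidate zones are fixed UTC offsets valid for the
constructed February 2013 dates. Use zoneinfo in production for DST."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: eight beacon times from one hypothetical infected host.
SAMPLE_BEACONS = [
    "2013-02-18T01:15:00Z",
    "2013-02-18T03:40:00Z",
    "2013-02-18T07:05:00Z",
    "2013-02-18T09:30:00Z",
    "2013-02-19T02:00:00Z",
    "2013-02-19T06:20:00Z",
    "2013-02-19T16:00:00Z",
    "2013-02-23T04:00:00Z",
]

# Fixed offsets for the sample period (assumption; see module docstring).
CANDIDATE_ZONES = {"Asia/Shanghai": 8, "Europe/London": 0, "America/New_York": -5}


def parse_utc(stamp):
    """Parse a 'YYYY-MM-DDTHH:MM:SSZ' string into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def to_local(dt_utc, offset_hours):
    """Shift an aware UTC datetime into a fixed-offset zone."""
    return dt_utc.astimezone(timezone(timedelta(hours=offset_hours)))


def in_business_hours(dt_local, start=9, end=18):
    """True on Monday-Friday (weekday 0..4) when start <= hour < end."""
    return dt_local.weekday() < 5 and start <= dt_local.hour < end


def activity_profile(beacons, offset_hours):
    """Share of beacons inside business hours for one zone, plus a by-hour histogram."""
    by_hour = Counter()
    hits = 0
    for stamp in beacons:
        local = to_local(parse_utc(stamp), offset_hours)
        by_hour[local.hour] += 1
        if in_business_hours(local):
            hits += 1
    total = len(beacons)
    return {
        "total": total,
        "business_hours": hits,
        "fraction": hits / total if total else 0.0,
        "by_hour": by_hour,
    }


def rank_zones(beacons, zones=CANDIDATE_ZONES):
    """Rank candidate zones by business-hours fraction, best first."""
    scored = {name: activity_profile(beacons, off)["fraction"] for name, off in zones.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for name, frac in rank_zones(SAMPLE_BEACONS):
        print(f"{name:18s} {frac:5.0%} of beacons fall in local business hours")
```

On the sample, the UTC+8 hypothesis places six of eight beacons in working hours while London and New York place two and one. Treat the result as one indicator among several: eight beacons is far too few for confidence, operators can work shifts or route through infrastructure elsewhere, and timestamps can be deliberately skewed, so the timing profile is combined with infrastructure, tooling and language evidence rather than used alone.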

A 2020 report in Daily News and Analysis stated that the unit was eyeing information related to defense and research in India.[16]

Public position of the Chinese government

Until 2013, the

Hong Lei, a spokesperson for the Chinese foreign ministry, said such allegations were "unprofessional".[17][4]

References

  1. "APT1: Exposing One of China's Cyber Espionage Units" (PDF). Mandiant. Archived (PDF) from the original on 19 February 2013. Retrieved 19 February 2013.
  2. ISSN 0362-4331. Retrieved 28 May 2023.
  3. "Chinese military unit behind 'prolific and sustained hacking'". The Guardian. 19 February 2013. Archived from the original on 20 December 2013. Retrieved 19 February 2013.
  4. ISSN 0013-0613. Retrieved 28 May 2023.
  5. "中国人民解放军61398部队招收定向研究生的通知" [Notice of PLA Unit 61398 on recruiting targeted postgraduate students]. Zhejiang University. 13 May 2004. Archived from the original on 2 December 2016. Retrieved 5 January 2019.
  6. Joe Weisenthal and Geoffrey Ingersoll (18 February 2013). "REPORT: An Overwhelming Number Of The Cyber-Attacks On America Are Coming From This Particular Army Building In China". Business Insider. Archived from the original on 20 February 2013. Retrieved 19 February 2013.
  7. The Huffington Post. Archived from the original on 26 February 2013. Retrieved 27 February 2013.
  8. Finkle, J., Menn, J., Viswanatha, J. "U.S. accuses China of cyber spying on American companies". Reuters, 20 Nov 2014. Archived 12 April 2017 at the Wayback Machine.
  9. Clayton, M. "US indicts five in China's secret 'Unit 61398' for cyber-spying". Christian Science Monitor, 19 May 2014. Archived 20 May 2014 at the Wayback Machine.
  10. David Perera (6 December 2010). "Chinese attacks 'Byzantine Candor' penetrated federal agencies, says leaked cable". Fierce Government IT (fiercegovernmentit.com). Archived from the original on 19 April 2016.
  11. CSMonitor. Archived from the original on 15 November 2019. Retrieved 24 February 2013.
  12. Riley, Michael; Dune Lawrence (26 July 2012). "Hackers Linked to China's Army Seen From EU to D.C." Bloomberg.com. Bloomberg. Archived from the original on 11 January 2015. Retrieved 24 February 2013.
  13. Michael Riley; Dune Lawrence (2 August 2012). "China's Comment Group Hacks Europe—and the World". Bloomberg Businessweek. Archived from the original on 19 February 2013. Retrieved 12 February 2013.
  14. New York Media. Archived from the original on 22 February 2013. Retrieved 24 February 2013.
  15. Dave Lee (12 February 2013). "The Comment Group: The hackers hunting for clues about you". BBC News. Archived from the original on 12 February 2013. Retrieved 12 February 2013.
  16. Shukla, Manish (3 August 2020). "Chinese Army's secret '61398' unit spying on India's defense and research, warns intelligence". DNA India. Retrieved 6 January 2024.
  17. Xu, Weiwei (20 February 2013). "China denies hacking claims". Morning Whistle. Archived from the original on 29 June 2013. Retrieved 8 April 2013.
