PLA Unit 61398 (also known as APT1, Comment Crew, Comment Panda, GIF89a, or Byzantine Candor; Pinyin: 61398 ''bùduì'') is the military unit cover designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks. The unit is stationed in Pudong, Shanghai, and has been cited by US intelligence agencies since 2002.
History

A report by the computer security firm Mandiant stated that PLA Unit 61398 is believed to operate under the 2nd Bureau of the People's Liberation Army General Staff Department (GSD) Third Department (总参三部二局), and that there is evidence that it contains, or is itself, an entity Mandiant calls APT1, part of the advanced persistent threat that has attacked a broad range of corporations and government entities around the world since at least 2006. APT1 is described as comprising four large networks in Shanghai, two of which serve the Pudong New Area. It is one of more than 20 APT groups with origins in China. The Third and Fourth Departments, responsible for electronic warfare, are believed to comprise the PLA units mainly responsible for infiltrating and manipulating computer networks.
2014 indictment
On 19 May 2014, the US Department of Justice announced that a federal grand jury had returned an indictment of five 61398 officers on charges of theft of confidential business information and intellectual property from U.S. commercial firms and of planting malware on their computers. The five are Huang Zhenyu (黄振宇), Wen Xinyu (文新宇), Sun Kailiang (孙凯亮), Gu Chunhui (顾春晖), and Wang Dong (王东). Forensic evidence traces the base of operations to a 12-story building off Datong Road in a public, mixed-use area of Pudong in Shanghai. The group is also known by various other names including "Advanced Persistent Threat 1" ("APT1"), "the Comment group" and "Byzantine Candor", a codename given by US intelligence agencies since 2002.
The group often compromises internal software "comment" features on legitimate web pages to infiltrate target computers that access the sites, leading it to be known as "the Comment Crew" or "Comment Group". The collective has stolen trade secrets and other confidential information from numerous foreign businesses and organizations over the course of seven years, such as Lockheed Martin, Telvent, and other companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors.
Dell SecureWorks has said it believes the group includes the same attackers behind Operation Shady RAT, an extensive computer espionage campaign uncovered in 2011 in which more than 70 organizations, including the United Nations and government agencies in the United States, Canada, South Korea, Taiwan and Vietnam, were targeted over a five-year period.
The attacks documented in the summer of 2011 represent a fragment of the Comment group's attacks, which go back at least to 2002, according to incident reports and investigators. In 2012, FireEye, Inc. stated that they had tracked hundreds of targets in the last three years and estimated the group had attacked more than 1,000 organizations.
Most activity between malware embedded in a compromised system and the malware's controllers takes place during business hours in Beijing's time zone, suggesting that the group is professionally hired, rather than private hackers inspired by patriotic passions.
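As an added illustration of the time-zone heuristic described above (this script is not from the original article or the Mandiant report), the following Python takes constructed command-and-control check-in timestamps in UTC, converts them to several candidate operator time zones, and measures what share falls in a weekday 09:00 to 17:59 local window. The sample timestamps and the candidate time-zone list are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Constructed sample: UTC times at which an implant on a compromised host
# contacted its controller (hypothetical data, not real telemetry).
SAMPLE_BEACONS_UTC = [
    "2013-02-18T01:15:00Z", "2013-02-18T03:40:00Z", "2013-02-18T06:05:00Z",
    "2013-02-18T09:30:00Z", "2013-02-19T02:00:00Z", "2013-02-19T07:45:00Z",
    "2013-02-20T01:50:00Z", "2013-02-21T08:20:00Z",
    "2013-02-18T15:00:00Z",  # Monday 23:00 in Shanghai (off hours)
    "2013-02-23T04:00:00Z",  # Saturday 12:00 in Shanghai (weekend)
]

# Candidate operator locations to compare (assumed list for the example).
CANDIDATE_ZONES = ["Asia/Shanghai", "America/New_York", "Europe/London"]

WORK_HOURS = range(9, 18)  # 09:00 through 17:59 local time
WORKDAYS = range(0, 5)     # Monday=0 .. Friday=4


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def to_local(beacons, tz_name: str):
    """Convert every UTC beacon time to the given IANA time zone."""
    tz = ZoneInfo(tz_name)
    return [parse_utc(t).astimezone(tz) for t in beacons]


def business_hours_fraction(beacons, tz_name: str) -> float:
    """Share of beacons landing on a weekday during local working hours."""
    local = to_local(beacons, tz_name)
    hits = sum(1 for d in local if d.weekday() in WORKDAYS and d.hour in WORK_HOURS)
    return hits / len(local)


def hour_histogram(beacons, tz_name: str) -> Counter:
    """Count of beacons per local hour of day, for eyeballing the daily rhythm."""
    return Counter(d.hour for d in to_local(beacons, tz_name))


def rank_timezones(beacons, zones):
    """Candidate zones sorted by how well activity fits a working-day pattern."""
    scored = [(z, business_hours_fraction(beacons, z)) for z in zones]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)
```

The fit is only a corroborating signal for attribution: an operator can schedule check-ins deliberately, so it should be weighed alongside infrastructure, tooling and victimology evidence rather than on its own.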
A 2020 report in Daily News and Analysis stated that the unit was eyeing information related to defense and research in India.
Public position of the Chinese government
Until 2013, the government of China consistently denied that it was involved in hacking. In response to the Mandiant Corporation report about Unit 61398, Hong Lei, a spokesperson for the Chinese foreign ministry, said such allegations were "unprofessional".
See also
* Titan Rain
* Chinese espionage in the United States
* National Security Agency of the United States
* PLA Unit 61486
* Signals intelligence
* Tailored Access Operations of the United States
* Mandiant
* FireEye