New report says cyberspying group linked to China's army

Mandiant said in a report that the group was a People's Liberation Army unit under cover
  • John Ribeiro (IDG News Service)
  • — 19 February, 2013 05:57

A new report traces a large cybersecurity threat group to China's People's Liberation Army, specifically an unit that goes under the cover name "Unit 61398".

Security company Mandiant said in a report released Tuesday that an Advanced Persistent Threat group it called APT1 was one of the most persistent of China's cyberthreat actors because of its likely government support.

"In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources," Mandiant said in its report. "PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."

Unit 61398 is said to be located in a 130,663 square-foot building on Datong Road in Gaoqiaozhen, in the Pudong New Area of Shanghai.

The nature of the work of "Unit 61398" is considered by China to be a state secret, but Mandiant said it believes it engages in harmful computer network operations.

The group has a sinister track record, according to Mandiant, as since 2006, it has observed APT1 compromise 141 companies spanning 20 major industries. 87 percent of the target companies are headquartered in countries where English is the native language, and are in industries that China has identified as strategic.

APT1 uses tools that the security firm finds have not been used by other groups, including two tools for stealing emails called GETMAIL and MAPIGET. Once the group has established access, it periodically revisits the victim's network over several months or years to steal a variety of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from the leadership of the victim organizations, Mandiant said.

The Chinese government was not immediately available for comment. The government has been accused recently of hacking into emails of major newspapers, which it has denied.

Tags: no company, security, Mandiant

Vulnerabilities in some Netgear router and NAS products open door to remote attacks

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Continuity Management Solutions

Automate business-continuity and disaster-recovery planning and enable crisis management in one solution.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.