Chinese hackers resume attacks on U.S. targets

Shame campaign by Obama administration fails to deter cyber bandits.

For the last three months or so, the U.S. government and some of its defense contractors have engaged in a war of shame on China to pressure it to cool its cyber-attacks on U.S. targets. The campaign appeared to be yielding results, but it seems that Chinese hackers were only catching their breath.

The notorious Unit 61398, also known as the "Comment Crew"--an elite cyber unit linked by U.S. security firms to China's People's Liberation Army (PLA)--has renewed its raids on U.S. entities using different techniques, the New York Times reported Sunday.

Cyber security firm Mandiant told the Times that the attacks had been renewed, but would not identify the targets--although it did acknowledge that many of them were the same ones assaulted earlier by the Chinese cyber unit.

Mandiant did not respond to a request for comment for this story.


Mandiant released a report in February that kicked off the shame campaign against China. The report tied Unit 61398 to cyber-attacks on 141 companies, 87 percent of which have headquarters in English-speaking countries, and on companies that work in 20 industries considered strategic by China.

Immediately following the report's release, China repudiated the document, maintaining it was based on flawed evidence.

Nevertheless, the attacks began to abate after the report's release, and the hackers removed their spy tools from the organizations they had infiltrated, according to Mandiant.

Over the past two months, however, Mandiant found an uptick in infiltration activity aimed at the same companies but originating from different servers.

Activity now is about 60 to 70 percent of what it was before the hiatus began in February, Mandiant estimated.

Not a good strategy?

The shame campaign was a dubious strategy, asserted Jeffrey Carr, CEO of Taia Global and author of Inside Cyber Warfare: Mapping the Cyber Underworld.

"It's a terrible idea," he told PCWorld.

Shame, as a diplomatic tool, doesn't seem to work however it is used. "We've tried to use it to shame North Korea into behaving itself and obviously that hasn't worked," Richard Stiennon, chief research analyst at IT-Harvest, told PCWorld.

Carr said that the U.S. government needs to cooperate and collaborate with China to pursue criminal groups engaging in intellectual property theft.

"You're not going to stop a government from engaging in espionage, so that should just be off the table," he said.

What might work

By collaborating with China to attack groups that operate within its borders or commandeer its computers from outside its borders for criminal espionage activity, much data theft could be stopped, Carr said.

"The New York Times and Mandiant have collaborated on this theory that Comment Crew is part of the PLA," Carr added. "Mandiant has never established that. It just made the claim that it is."

Another way to counter cyber threats from China is to make it more expensive for the hackers to get the information they want, added Stiennon.

"Right now it's very inexpensive to engage in these cyber-attacks," he said.

"Mandiant's report slowed them down, forced them to retrench, pull their tools out, and reengage," he continued. "They spent a lot of man hours because of that report."

"That reaction was expensive for the attackers," he added.

Stories by John P. Mello Jr.
