Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

New report says cyberspying group linked to China's army

Mandiant said in a report that the group was a People's Liberation Army unit under cover

A new report traces a large cybersecurity threat group to China's People's Liberation Army, specifically an unit that goes under the cover name "Unit 61398".

Security company Mandiant said in a report released Tuesday that an Advanced Persistent Threat group it called APT1 was one of the most persistent of China's cyberthreat actors because of its likely government support.

"In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources," Mandiant said in its report. "PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."

Unit 61398 is said to be located in a 130,663 square-foot building on Datong Road in Gaoqiaozhen, in the Pudong New Area of Shanghai.

The nature of the work of "Unit 61398" is considered by China to be a state secret, but Mandiant said it believes it engages in harmful computer network operations.

The group has a sinister track record, according to Mandiant, as since 2006, it has observed APT1 compromise 141 companies spanning 20 major industries. 87 percent of the target companies are headquartered in countries where English is the native language, and are in industries that China has identified as strategic.

APT1 uses tools that the security firm finds have not been used by other groups, including two tools for stealing emails called GETMAIL and MAPIGET. Once the group has established access, it periodically revisits the victim's network over several months or years to steal a variety of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from the leadership of the victim organizations, Mandiant said.

The Chinese government was not immediately available for comment. The government has been accused recently of hacking into emails of major newspapers, which it has denied.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: no company, security, Mandiant
Latest Blog Posts
Whitepapers
  • IBM X-Force Threat Intelligence
    In the second half of 2013, the advancement of security breaches across all industries continued to rise. Within this report, we’ll explain how more than half a billion records of personally identifiable information (PII) such as names, emails, credit card numbers and passwords were leaked in 2013 - and how these security incidents show no signs of stopping.
    Learn more »
  • Swiss Nuclear Power Plant Improves Business Continuity
    Learn how Kernkraftwerk Leibstadt (KKL), a Swiss nuclear power plant, achieved 95% virtualization with 50% fewer servers in just two months by implementing a Vblock System. The solution ensures that KKL can reliably deliver the continuous electricity supply safely and cost effectively.
    Learn more »
  • The Three Essential Steps to Successful Cloud Migration
    Businesses and enterprises have quickly realised the power and efficiency of cloud computing, but migrating to the cloud can be a challenging process. This guide leads you through the three key steps you should take to assess your workload, select the most appropriate cloud model and ensure your cloud provider’s migration methodology stacks up.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Latest Jobs
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments

Computerworld
ARN
Techworld
CMO