PLA Unit 61398

PLA Unit 61398 (also known as APT1, Comment Crew, Comment Panda, GIF89a, or Byzantine Candor; Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks.

The unit is stationed in Pudong, Shanghai, and has been cited by US intelligence agencies since 2002.

People's Liberation Army Unit 61398 (61398部队)
(Image: Emblem of the People's Liberation Army)
Active: 2014-Present
Country: People's Republic of China
Allegiance: Chinese Communist Party
Branch: People's Liberation Army Strategic Support Force
Type: Cyber force, Cyber-espionage Unit
Role: Cyber warfare, Electronic warfare
Part of: People's Liberation Army
Garrison/HQ: Tonggang Road, Pudong, Shanghai
Nickname(s):
  • APT 1
  • Comment Crew
  • Comment Panda
  • GIF89a
  • Byzantine Candor
  • Group 3
  • Threat Group 8223

History

From left, Chinese military officers Gu Chunhui, Huang Zhenyu, Sun Kailiang, Wang Dong, and Wen Xinyu indicted on cyber espionage charges.

A report by the computer security firm Mandiant stated that PLA Unit 61398 is believed to operate under the 2nd Bureau of the People's Liberation Army General Staff Department (GSD) Third Department (总参三部二局) and that there is evidence that it contains, or is itself, an entity Mandiant calls APT1, part of the advanced persistent threat that has attacked a broad range of corporations and government entities around the world since at least 2006. APT1 is described as comprising four large networks in Shanghai, two of which serve the Pudong New Area. It is one of more than 20 APT groups with origins in China. The Third and Fourth Departments, responsible for electronic warfare, are believed to comprise the PLA units mainly responsible for infiltrating and manipulating computer networks.

2014 indictment

On 19 May 2014, the US Department of Justice announced that a Federal grand jury had returned an indictment of five 61398 officers on charges of theft of confidential business information and intellectual property from U.S. commercial firms and of planting malware on their computers. The five are Huang Zhenyu (黄振宇), Wen Xinyu (文新宇), Sun Kailiang (孙凯亮), Gu Chunhui (顾春晖), and Wang Dong (王东). Forensic evidence traces the base of operations to a 12-story building off Datong Road in a public, mixed-use area of Pudong in Shanghai. The group is also known by various other names including "Advanced Persistent Threat 1" ("APT1"), "the Comment group" and "Byzantine Candor", a codename given by US intelligence agencies since 2002.

The group often compromises internal software "comment" features on legitimate web pages to infiltrate target computers that access the sites, leading it to be known as "the Comment Crew" or "Comment Group". Over the course of seven years, the collective has stolen trade secrets and other confidential information from numerous foreign businesses and organizations, such as Lockheed Martin, Telvent, and other companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors.

Dell SecureWorks said it believed the group includes the same group of attackers behind Operation Shady RAT, an extensive computer espionage campaign uncovered in 2011 in which more than 70 organizations, including the United Nations and government agencies in the United States, Canada, South Korea, Taiwan and Vietnam, were targeted over a five-year period.

The attacks documented in the summer of 2011 represent a fragment of the Comment group's attacks, which go back at least to 2002, according to incident reports and investigators. In 2012, FireEye, Inc. stated that they had tracked hundreds of targets in the last three years and estimated the group had attacked more than 1,000 organizations.

Most activity between malware embedded in a compromised system and the malware's controllers takes place during business hours in Beijing's time zone, suggesting that the group is professionally hired, rather than private hackers inspired by patriotic passions.

A 2020 report in Daily News and Analysis stated that the unit was eyeing information related to defense and research in India.

Public position of the Chinese government

Until 2013, the Government of China has consistently denied that it is involved in hacking. In response to the Mandiant Corporation report about Unit 61398, Hong Lei, a spokesperson for the Chinese foreign ministry, said such allegations were "unprofessional".


Coordinates: 31°20′57.43″N 121°34′24.74″E (31.3492861°N 121.5735389°E)
