Chinese Army hacks 141 firms; shadowy Unit 61398 fingered

What is "Unit 61398"?

Chinese APT

Who are "Byzantine Candor"? Where is it based? Why is the Chinese government said to be stealing companies' intellectual property? A security group says it knows, and warns of advanced, persistent threats to national security from the People's Republic.

In IT Blogwatch, bloggers examine new PRC APT allegations.

Your humble blogwatcher curated these bloggy bits for your entertainment.

John Ribeiro points the finger at the part of the Chinese Army that's allegedly responsible:

...specifically a unit that goes under the cover name "Unit 61398." ... Unit 61398 is said to be located in a 130,663 square-foot building on Datong Road in Gaoqiaozhen...Shanghai. ... The group has a sinister track record, according to Mandiant...compromis[ing] 141 companies spanning 20 major industries.

...

Once the group has established access, it periodically revisits the victim's network...to steal a variety of intellectual property...Mandiant said. ... China's Foreign Ministry said...the nation is firmly opposed to hacking.

Ben Blanchard and Joseph Menn have more:

The Chinese Foreign Ministry said...it doubted the evidence provided in the report. ... "We don't know how the evidence in this so-called report can be tenable," spokesman Hong Lei [said]. "Arbitrary criticism based on rudimentary data is irresponsible."

...

Most of the victims were [said to be] located in the United States. ... The information stolen ranged from details on mergers and acquisitions to the emails of senior employees. ... U.S. officials have complained in the past to China about sanctioned trade-secret theft, but have had a limited public record to point to.

Mandiant's Dan McWhorter opens the kimono:

[We] released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. [It's] one of dozens of threat groups [but] one of the most prolific.

...

The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one. ... It is time to acknowledge the threat is originating from China, and we wanted to do our part. ... Without establishing a solid connection to China, there will always be room...to dismiss APT actions as...peripheral to larger national security and global economic concerns.

Adam Clark Estes waxes alarming:

Remember that scary...column Obama wrote last year, describing...a crippling cyber attack that shut down our power grid and poisoned our water? ... The level of detail in [the] report is intimidating...horrifying for the hackers implicated.

...

The unit's more commonly known as the "Comment Crew" or the "Shanghai Group." ...a diplomatic cable released by WikiLeaks...detailed the group's activity. ...at this point, it seems impossible not to include China on the list of suspects.

Meanwhile, Higher Living offers this contrasting viewpoint:

...nobody is dying, which is preferable to some of the other conflicts that the US is engaged in.

...

What would the United States do if the Chinese had a large naval presence permanently stationed...off New York, San Francisco and Los Angeles and regularly conducted obvious spying flights? ...that’s what China has right on its ocean facing borders. ...you can’t expect a great power to put up with that for much longer.

...

China is...a great power in its own right and crowding it in isn’t likely to be looked on kindly in Beijing. What they do about it will be an indication of how power relations play out.
