China’s Secretive Unit 61398 Believed To Be Behind ‘Prolific Hacking’
A private security company has uncovered what it believes is the heart of a massive hacking effort tied to one of the world’s last superpowers in a bid to gain economic dominance. It sounds like something out of a cyberpunk novel, but today it’s non-fiction. According to the US-based security firm Mandiant, China’s secretive Unit 61398 has been behind an effort that has stolen “hundreds of terabytes of data” from at least 141 organizations around the world.
The People’s Liberation Army isn’t a new player on the digital battleground. The PLA has been known to employ hackers in the past, and the Chinese government has been rather savvy in using its “50 Cent Party” to crowdsource official talking points across Chinese social networks. What makes this case unique is the sheer scale of these alleged attacks.
Mandiant claims to have traced the source of these cyber assaults, labeled as Advanced Persistent Threat 1, to the shadowy Unit 61398, “a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006.” Furthermore, it has outed the potential location of the unit nestled in an unassuming residential block in the middle of Shanghai.
The BBC’s John Sudworth attempted to take footage of the building and the surrounding area, but was detained by Chinese military personnel until he gave them all of his footage. Reuters had better luck, snagging some drive-by footage of the unassuming building guarded by sparse security. Its facade is that of a large building with very few markings, and what its appearance encapsulates is just how shadowy the brave new world of cyberwarfare is. Any apartment complex, any bland-looking building that could house a few dozen computers and the personnel to run them could be hiding a digital Rommel and an army capable of widespread damage.
Mandiant claims that APT1 could have hundreds or thousands of English speakers with the “right stuff” to snatch and grab what they want over dozens of networks at the same time, and who are able to sustain intrusions for well over a year. They have primarily gone after blueprints, business plans, internal documents, credentials, emails, and contact lists. The motive seems to be aligned with economic gains, paralleling industries China has indicated as important in their latest Five Year Plan.
China flatly denies all of these charges. Chinese officials told the New York Times that their government does not engage in hacking of any kind. These words have done little to dissuade leaders worldwide, as many intelligence agencies and security experts have echoed concerns about Chinese cyber attacks. White House spokesman Jay Carney said that the Obama administration “repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials including in the military and we will continue to do so.”
[Image via Mandiant]