The mysterious Chinese unit behind the cyberespionage charges

On Monday, the United States government for the first time leveled charges against a group of identified Chinese military officers, allegedly for stealing American trade secrets through cyberespionage. The individuals named in the indictment are all members of a mysterious unit within the Chinese People’s Liberation Army (PLA) command structure, known as Unit 61398. It is estimated that the unit has targeted at least 1,000 private or public companies and organizations in the past 12 years. Western cybersecurity experts often refer to the group as “APT1”, which stands for “Advanced Persistent Threat 1”, or “Byzantine Candor”. It is believed to operate under the Second Bureau of the PLA’s General Staff Department, which is responsible for collecting foreign military intelligence. Many China military observers argue that Unit 61398 is staffed by several thousand operatives, who can be broadly categorized into two groups: one consisting of computer programmers and network operations experts, and the other consisting of English-language specialists, with the most talented members of the Unit combining both skills. Computer forensics experts have traced the Unit’s online activities to several large computer networks operating out of Shanghai’s Pudong New Area district, a heavily built-up neighborhood in China’s largest city, which serves as a symbol of the country’s rapid industrialization and urbanization. Among other things, Unit 61398 is generally accused of being behind Operation SHADY RAT, one of history’s most extensive known cyberespionage campaigns, which targeted nearly 100 companies, governments and international organizations, between 2006 and 2011. The operation is believed to be just one of numerous schemes devised by Unit 61398 in its effort to acquire trade secrets from nearly every country in the world during the past decade, say its detractors.

American sources claim that the PLA Unit spends most of its time attacking private, rather than government-run, networks and servers. As the US Attorney General, Eric Holder, told reporters on Monday, Unit 61398 conducts hacking “for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”. But The Washington Post points out that the recent revelations by US intelligence defector Edward Snowden arguably make it “easier for China to dismiss” Washington’s charges, since they point to systematic “cyber intrusion, wiretapping and surveillance activities [by the US National Security Agency] against Chinese government departments, institutions, companies, universities and individuals”. The administration of US President Barack Obama argues that American espionage targeting China focuses solely on national security and that the information collected does not get passed on to American companies. However, as The New York Times reports, Beijing argues that “the distinction [between national-security and economic espionage] is an American artifact, devised for commercial advantage”. The Chinese, says the paper, view business intelligence as “part of the fabric of national security”, especially since China’s international clout critically depends on its economic prowess.

2 Responses to The mysterious Chinese unit behind the cyberespionage charges

  1. Reblogged this on Spies and Lies Blog and commented:
    Advanced Persistent Threat 1 – excellent blog post about the alleged Chinese cyberespionage outfit from IntelNews.

  2. Pete says:

    The US charging senior PLA cyber officers for breaking cyber espionage laws could rebound on the US. This is in the sense the US is creating an international legal precedent for China, EU countries, Russia and Latin America (especially Mexico and Brazil) to charge senior NSA or US Administration officials with cyber espionage. This could happen years down the track to retired US officials (all with no Diplomatic Immunity) when they are tourists in any of those countries.
