Chinese army unit tied to hacks on U.S.

An infantry of hackers in one Shanghai neighborhood is thought responsible for the majority of attacks


Earlier this year, when the New York Times reported that it had been the target of hacks from China, the paper noted that the attacks were likely connected to the Chinese military. On Tuesday, the Times reported that, based on evidence confirmed by U.S. intelligence officials, there is “little doubt” that “an overwhelming percentage of the attacks on American corporations, organizations and government agencies” originate from one People’s Liberation Army unit based in the outskirts of Shanghai.

A study released Tuesday by U.S. security firm Mandiant identified PLA Unit 61398 as the most likely perpetrators of the hacks. Mandiant had been tracking hacks perpetrated by the so-called “Comment Crew” for over six years before concluding that the hackers were part of Unit 61398. Via the Times:

Unit 61398 — formally, the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department — exists almost nowhere in official Chinese military descriptions. Yet intelligence analysts who have studied the group say it is the central element of Chinese computer espionage. The unit was described in 2011 as the “premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence” by the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.

While the Obama administration has never publicly discussed the Chinese unit’s activities, a secret State Department cable written the day before Barack Obama was elected president in November 2008 described at length American concerns about the group’s attacks on government sites. (At the time American intelligence agencies called the unit “Byzantine Candor,” a code word dropped after the cable was published by WikiLeaks.)

The majority of Comment Crew’s attacks, even those carried out against major firms like Coca-Cola to steal internal information, used the simple but effective spearphishing technique. Hackers gain access to entire computer networks by sending misleading emails that a user then clicks on. Security experts have expressed concern that Chinese hackers might use such techniques to control critical U.S. infrastructure. The Times noted:

What most worries American investigators is that the latest set of attacks believed coming from Unit 61398 focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.

… A few years ago, administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed. The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is necessary.

However, China has strongly denied involvement in any such activities. “It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence,” said China’s defense ministry last month.

Following reports on Chinese hacks targeting U.S. news publications, the Obama administration said it was considering more assertive action against this cyber-threat, although what such action might look like remains unclear. Earlier this year, the AP noted that such “actions could include threats to cancel certain visas or put major purchases of Chinese goods through national security reviews.”

Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard.
