Unit 61398, allegedly sponsored by the PLA, is back at it again
A group of Chinese hackers, allegedly sponsored by the People’s Liberation Army (PLA), has returned to attack numerous US targets, continuing a significant cyber espionage operation.
Earlier this year, security company Mandiant claimed Unit 61398, based out of Shanghai, hit almost 150 organisations over a seven-year period. It was labelled “one of the most prolific cyber espionage groups” ever, stealing large amounts of intellectual property and government data.
It was believed the group had gone quiet since the Mandiant report, but it is now attacking again, using different tactics in an attempt to avoid detection, according to the New York Times. The newspaper employed Mandiant to look into attacks on New York Times’ infrastructure.
The security company would not specify who the targets were, but said the victims were many of the same ones the Chinese group had attacked before. It’s believed the hackers had previously hit Coca-Cola and security firm RSA, in attacks that sought to gain information from defence contractor Lockheed Martin.
One senior official in the Obama administration said they were not surprised Unit 61398 was at it again, adding that the Chinese had to be “convinced there is a real cost to this kind of activity”.
Crowdstrike backed up the claims of Mandiant, saying it was “business as usual” for the cyber squadron.
The US is particularly wary of anything involving China and technology. It has already warned of using networking technologies from Huawei and ZTE.
Yet relations between China and the US appear to be improving at least by a little. The former has offered an olive branch by setting up a working group on cyber issues with the US.
What do you know about Internet security? Find out with our quiz!