Chinese Army's Unit 61398 Hacking Group Back in Action
By Yasmin Tadjdeh



An infamous hacking group affiliated with China's military that was exposed in February has quietly returned after lying low for several months, said an expert with the consulting firm that outed it.

Mandiant released a report that pinned numerous cyber-intrusions on Unit 61398 of China's People's Liberation Army. The unit, which is based in Shanghai, curtailed its activities after the report's initial release, said Richard Bejtlich, the firm's chief security officer, but it has recently begun to pick up where it left off.

"The group itself went quiet for a while. They changed the nature of their activities [and] they removed some of the tools they had been using inside different companies. But over the course of the last several weeks, it seems like they are starting to come back and ramp up," Bejtlich said May 15 at the Center for National Policy, a Washington, D.C.-based think tank.

Unit 61398 has been linked to the theft of huge amounts of intellectual property throughout the world, according to the Mandiant report. It has stolen hundreds of terabytes of data from at least 141 organizations, with the majority of them based in English-speaking countries. It is possible that the unit employs hundreds of operators, the report said.

Besides Unit 61398, Mandiant is monitoring 23 other known hacker groups throughout the world. While Bejtlich could not say exactly how much data has been stolen, he said it is enormous.

But the threat isn't just in lost data, Bejtlich said. If a group can infiltrate a network to steal data, it can also destroy that network.

"Whenever you hear someone say, 'Don't worry, it's just espionage.' [It's important to realize that] espionage easily can escalate to destruction. It's just the prerogative of the intruder," said Bejtlich.

Another issue Bejtlich highlighted was the corruption of data, which he called a "middle ground" between espionage and destruction.

"In some ways it's the toughest one to identify because most companies don't necessarily know what the data should be," he said.

Several cybersecurity bills were introduced into Congress during the 112th session, but none came to fruition. Earlier this year, President Barack Obama announced an executive order that asked, in part, for an expansion of the Defense Industrial Base Information Sharing Program, which alerts the Defense Department to attacks on participating companies' software.

While Bejtlich called on Congress to pass legislation, he also said solutions could be found by countries working together. Better communication between nations and firmer regulations and rules could help alleviate some cyber-attacks. Even a pact between just a handful of countries would be beneficial if it could evolve beyond only talking, Bejtlich said.

"I think government-to-government discussions are necessary, but they will not be sufficient. I think we will ultimately be disappointed if it's simply a discussion," said Bejtlich.

The United States, United Kingdom, Canada, Australia, New Zealand and Israel are the top countries in the world when it comes to cyberdefense, said Bejtlich. Japan and South Korea are also beefing up their defensive capabilities in light of more frequent attacks, he said.

Photo Credit: Thinkstock
