News / Asia

US-China Cyber Spying Case Turns Spotlight on Shadowy Unit 61398

Part of the building of 'Unit 61398', a secretive Chinese military unit, is seen in the outskirts of Shanghai, Feb. 19, 2013.
Part of the building of 'Unit 61398', a secretive Chinese military unit, is seen in the outskirts of Shanghai, Feb. 19, 2013.
A tense stand-off between the United States and China over state-backed cyber espionage has dragged China's secretive hacking unit “61398” back into focus, after the military group was pinpointed last year for mounting cyber attacks on Western commercial targets.
U.S. authorities on Monday charged five Chinese military officers at the unit, accusing them of hacking into American nuclear, metal and solar firms to steal trade secrets. China on Tuesday summoned the U.S. ambassador in Beijing and warned it would retaliate if Washington followed through with the charges. It said the affair would damage “mutual trust.”
At the center of the argument is a nondescript tower block in the northern suburbs of China's financial capital Shanghai, home to Chinese People's Liberation Army (PLA) Unit 61398.
The 12-story block houses as many as several thousand staff, according to Mandiant, a U.S. cyber security firm recently acquired by global network security company FireEye Inc. Mandiant identified the location as the source of a large number of espionage operations in a 70-page report last year.
“This unit is one of the most prolific. The group is really active and very aggressive,” said Pierluigi Paganini, a cyber security expert and founder of Security Affairs, based in Italy.
Unit 61398's Shanghai base is kitted out with specialist fiber optic lines, while staff are trained in areas from English linguistics to covert communications, network security and cyber attack strategy, according to the Mandiant report.
The unit's operatives, working under code names such as “UglyGorilla”, “DOTA” and “SuperHard”, also have close research and recruitment ties with China's leading academic centers such as the prestigious Shanghai Jiaotong University.
Publicly available academic reports, school registers, recruitment notices and local online community notice boards show a web of social, educational and academic networks spreading out from the cyber spying unit. Military units in China are often organized in this way with schools, sports clubs and social events organized communally for unit members.
Tip of the iceberg

However, unit 61398 - more formally known as General Staff Department (GSD), Third Department, Second Bureau - is just one of dozens of similar groups based in China, and far from the foremost, said Mandiant analyst Jen Weedon.
“The unit is one of many and its tradecraft is not that great. They are one of the ones that doesn't seem to mind leaving traces behind,” she told Reuters.
The unit, which started operating in or before 2006, saw activity drop sharply in the wake of the 2013 Mandiant report, but has since returned to “business as usual” after it overhauled some of its hacking techniques, Weedon added.
The new allegations are that Chinese state-owned firms “hired” the unit, which used a range of cyber attack methods to illegally gather corporate information from mostly U.S. firms and help give Chinese companies a competitive edge.
The unit “stole sensitive, internal communications”, using tactics such as “spear phishing” emails to gain access to employees' computers, after which it was able to collect internal data, according to the indictment document, posted on the United States Department of Justice website.
Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc., United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG , and a steel workers' union.
Unit 61398 - or at least one very much like it - also stole data from at least one U.S. government agency in a hacking campaign named 'Byzantine Candor', according to diplomatic cables released by Wikileaks.
“Hackers based in Shanghai and linked to the PRC's People's Liberation Army [PLA] Third Department” stole data from at least one U.S. government agency, according to a leaked 2008 cable.
Officials in Washington have argued for years that cyber espionage is a top national security concern, and the battle is heating up. Both sides have ramped up public and private confrontation, including at a summit last year between U.S. President Barack Obama and Chinese President Xi Jinping.
China has denied the unit is involved in cyber espionage, and insists the country is more a victim than a perpetrator of cyber attacks.
Paganini said he was not surprised at the latest turn of events, which he described as just the “tip of the iceberg”.
“I believe there's an ongoing battle in the cyberspace. These countries are investing large amounts in cyber units that are able to create specific malware and have the ability to get into foreign networks and computers to steal trade secrets and intellectual properties,” he said.

You May Like

Isolation, Despair Weigh on Refugees in Remote German Camp

Refugees resettled near village of Holzdorf deep in German forestland say there is limited interaction with public, mutual feelings of distrust

Britons Divided Over Bombing IS

Surveys show Europeans generally support more military action against Islamic State militants, but sizable opposition exists in Britain

Russia Blacklists Soros Foundations as 'Undesirable'

Russian officials add Soros groups to a list of foreign and international organizations banned from giving grants to Russian partners

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
With HIV, Can We Get to Zero?i
Carol Pearson
November 29, 2015 1:23 PM
The theme of this year's World AIDS Day is "Getting to Zero." The U.N. says new HIV infections have been reduced by 35 percent since 2000 and AIDS-related deaths are down by 42 percent since the peak in 2004. VOA's Carol Pearson takes a look at what it might take to actually have an AIDS-free generation.

Video With HIV, Can We Get to Zero?

The theme of this year's World AIDS Day is "Getting to Zero." The U.N. says new HIV infections have been reduced by 35 percent since 2000 and AIDS-related deaths are down by 42 percent since the peak in 2004. VOA's Carol Pearson takes a look at what it might take to actually have an AIDS-free generation.

Video Political Motives Seen Behind Cancelled Cambodian Water Festival

For the fourth time in the five years since more than 350 people were killed in a stampede at Cambodia’s annual water festival, authorities canceled the event this year. Officials blamed environmental reasons as the cause, but many see it as fallout from rising political tensions with a fresh wave of ruling party intimidation against the opposition. David Boyle reports from Phnom Penh.

Video African Circus Gives At-Risk Youth a 2nd Chance

Ethiopia hosted the first African Circus Arts Festival this past weekend with performers from seven different African countries. Most of the performers are youngsters coming form challenging backgrounds who say the circus gave them a second chance.

Video US Lawmakers Brace for End-of-Year Battles

U.S. lawmakers are returning to Washington for Congress’ final working weeks of the year. And, as VOA's Michael Bowman reports, a full slate of legislative business awaits them, from keeping the federal government open to resolving a battle with the White House over the admittance of Syrian refugees.

Video Taiwan Looks for Role in South China Sea Dispute

The Taiwanese government is one of several that claims territory in the hotly contested South China Sea, but Taipei has long been sidelined in the dispute, overshadowed by China. Now, as the Philippines challenges Beijing’s claims in an international court at The Hague, Taipei is looking to publicly assert its claims. VOA’s Bill Ide has more from Beijing.

Video After Terrorist Attacks, Support for Refugees Fades

The terrorists who killed and injured almost 500 people around Paris this month are mostly French or Belgian nationals. But at least two apparently took advantage of Europe’s migrant crisis to sneak into the region. The discovery has hardened views about legitimate refugees, including those fleeing the same extremist violence that hit the French capital. Lisa Bryant has this report for VOA from the Paris suburb of Cergy-Pontoise

Video Syrian Refugees in US Express Concern for Those Left Behind

Syrian immigrants in the United States are concerned about the negative tide of public opinion and the politicians who want to block a U.S. plan to accept 10,000 Syrian refugees. Zlatica Hoke reports many Americans are fighting to dispel suspicions linking refugees to terrorists.

Video Thais Send Security Concerns Down the River

As Thailand takes in the annual Loy Krathong festival, many ponder the country’s future and security. Steve Sandford reports from Chiang Mai.

Video Islamic State Unfazed by Losses in Iraq, Syria

Progress in the U.S.-led effort to beat Islamic State on its home turf in Iraq and Syria has led some to speculate the terror group may be growing desperate. But counterterror officials say that is not the case, and warn the recent spate of terror attacks is merely part of the group’s evolution. VOA National Security correspondent Jeff Seldin has more.

Video Belgium-Germany Border Remains Porous, Even As Manhunt For Paris Attacker Continues

One of the suspected gunmen in the Nov. 13 Paris attacks, Salah Abdeslam, evaded law enforcement, made his way to Belgium, and is now believed to have fled to Germany. VOA correspondent Ayesha Tanzeem makes the journey across the border from Belgium into Germany to see how porous the borders really are.

Video US, Cambodian Navies Pair Up in Gulf of Thailand

The U.S. Navy has deployed one of its newest and most advanced ships to Cambodia to conduct joint training drills in the Gulf of Thailand. Riding hull-to-hull with Cambodian ships, the seamen of the USS Fort Worth are executing joint-training drills that will help build relations in Southeast Asia. David Boyle reports for VOA from Preah Sihanouk province.

Video Uncertain Future for Syrian Refugee Resettlement in Illinois

For the trickle of Syrian refugees finding new homes in the Midwest city of Chicago, the call to end resettlement in many U.S. states is adding another dimension to their long journey fleeing war. Organizations working to help them integrate say the backlash since the Paris attacks is both harming and helping their efforts to provide refugees sanctuary. VOA's Kane Farabaugh reports.

VOA Blogs