
Security Firm Mandiant Says China's Army Runs Hacking Group APT1

  • by coldsalmon (946941) on Tuesday February 19, 2013 @11:26AM (#42944861)

    The People's Liberation Army is part of the Chinese Communist Party, not the Chinese state.

  • Actual Report Here (Score:5, Informative)

    by guttentag (313541) on Tuesday February 19, 2013 @12:00PM (#42945211) Journal
    Direct Link to the 6.8 MB PDF file here.

    Mandiant page with appendix and hashes for their materials here.

    I was reading through this last night and it contains some interesting details, but is also something of an advertisement for Mandiant's services. Some highlights:
    • The name of the group is People's Liberation Army Unit 61398 in Shanghai, and Mandiant has found that one of their personas uses easy-to-remember passwords for the many accounts he sets up, including a sort of mnemonic for the unit's number (“2j3c1k” likely stands for 2 ju 3 chu 1 ke, which likely stands for 2nd Bureau, 3rd Division, 1st Section, which is the official name of Unit 61398). The majority of attacks come from the neighborhood where this unit is based, and they have been supplied with "special" fiber connections "in the name of national defense."
    • The group is focused on the U.S. and Canada, and is mostly interested in attacking the information technology industry, but has taken an interest in aerospace, public administration, satellites and telecom, scientific research, energy and transportation.
    • They include interesting profiles of three "personas" known to be involved in the unit's attacks: Malware author "Ugly Gorilla" (a.k.a. "Wang Dong"), hacker "DOTA" (whose Gmail account they claim to have broken into, and they provide a screenshot) and tool author "SuperHard" (Mei Qiang).
    • The group uses the term “rouji,” which translates to "Meat Chicken," in their software to refer to infected computers.
