judgecorp writes "The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People's Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398." Unsurprisingly, this claim is denied by Chinese officials. You can read the report itself online (PDF), or skim the highlights.
  • by coldsalmon ( 946941 ) on Tuesday February 19, 2013 @11:26AM (#42944861)

    The People's Liberation Army is part of the Chinese Communist Party, not the Chinese state.

  • Actual Report Here (Score:5, Informative)

by guttentag ( 313541 ) on Tuesday February 19, 2013 @12:00PM (#42945211)
    Direct link to the 6.8 MB PDF file here.

Mandiant page with appendix and hashes for their materials here.

    I was reading through this last night and it contains some interesting details, but is also something of an advertisement for Mandiant's services. Some highlights:
• The name of the group is People's Liberation Army Unit 61398 in Shanghai, and Mandiant has found that one of their personas uses easy-to-remember passwords for the many accounts he sets up, including a sort of mnemonic for the unit's number ("2j3c1k" likely stands for 2 ju 3 chu 1 ke, which likely stands for 2nd Bureau, 3rd Division, 1st Section, which is the official name of Unit 61398). The majority of attacks come from the neighborhood where this unit is based, and they have been supplied with "special" fiber connections "in the name of national defense."
    • The group is focused on the U.S. and Canada, and is mostly interested in attacking the information technology industry, but has taken an interest in aerospace, public administration, satellites and telecom, scientific research, energy and transportation.
• They include interesting profiles of three "personas" known to be involved in the unit's attacks: malware author "Ugly Gorilla" (a.k.a. "Wang Dong"), hacker "DOTA" (whose Gmail account they claim to have broken into, and they provide a screenshot) and tool author "SuperHard" (Mei Qiang).
• The group uses the term "rouji," which translates to "meat chicken," in their software to refer to infected computers.

