Skip to main content
Part of complete coverage on

What we know about the Chinese army's alleged cyber spying unit

By Zoe Li, CNN
updated 5:11 AM EDT, Tue May 20, 2014
STORY HIGHLIGHTS
  • Shadowy PLA unit coded as 61398 could be responsible for cyber espionage
  • U.S.-based security firm Mandiant studied hacking activity originating from China over a six-year period
  • Mandiant says it has details on the what, where, who, and how of unit 61398
  • Chinese authorities deny any connection between the military and cyber espionage

(CNN) -- "UglyGorilla," "KandyGoo," and "WinXYHappy" are some of the aliases used by the Chinese accused of hacking U.S. companies on Monday.

The men behind these handles are officers of the People's Liberation Army (PLA) under a unit known simply by the code 61398.

Little is confirmed about the mysterious unit 61398, a section that the Chinese authorities have not officially acknowledged. The Chinese defense ministry said the country's military "has never supported any hacker activities."

But the U.S. indictment notice pinpoints a non-descript building on Datong Road in Shanghai's Pudong District as one of the locations for unit 61398's alleged cyber espionage activities.

The Shanghai building allegedly home to a part of the PLA's unit 61398.  The Shanghai building allegedly home to a part of the PLA's unit 61398.
The Shanghai building allegedly home to a part of the PLA's unit 61398.The Shanghai building allegedly home to a part of the PLA's unit 61398.

When CNN tried to visit the building last year, our correspondents were chased away by security guards, as seen in the video above.

What is unit 61398 and what do they do? U.S.-based Internet security firm Mandiant released a 60-page report last year detailing allegations against the shadowy unit over a six-year period.

U.S. vulnerable to Chinese cyberspies?
Chinese accused of hacking US secrets
Snowden: U.S. hacked targets in China

According to Mandiant's document and the U.S. indictment, here's what we know about the secret division.

Capable

Mandiant says unit 61398 is also known as the "comment crew," and has systematically stolen hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since as early as 2006.

Large

Mandiant estimates that more than 1,000 servers are being used by unit 61398.

The security firm believes the unit employs anywhere from hundreds to thousands of staff. A look at the physical size of the building in Shanghai -- 12 floors high, with more than 130,000 square feet of space -- suggests the unit could house around 2,000 people.

Focused

Mandiant observed 141 companies targeted by unit 61398, out of which 115 were in the United States. These were blue-chip companies in important industries such as aerospace, satellite and telecommunications, and information technology -- strategic industries that were identified in China's five year plan for 2011 to 2015.

"It's really a who's who of American companies," says Grady Summers, Mandiant's vice president.

Some of the alleged victims included in the latest indictment are U.S. Steel Corp., Westinghouse, Alcoa, Allegheny Technologies, the United Steel Workers Union and SolarWorld.

Well-supported

Unit 61398 was given a special fiber optic communication infrastructure by state-owned enterprise China Telecom in the name of national defense, Mandiant reported.

Tricky

The accused Chinese hackers reportedly use spear-phishing to hack into companies. The simple trick makes scam emails appear like they are from someone the receiver actually knows. For example, the emails would be personally addressed and signed by another employee in the same company.

Spear-phishers may scan social media to find out personal details about a victim to make the scam emails seem legitimate.

Tip of the iceberg

Unit 61398 is just one of more than 20 cyber attack groups with origins in China, says Mandiant.

ADVERTISEMENT
Part of complete coverage on
updated 7:13 AM EDT, Fri October 17, 2014
A smuggler in Dandong, a Chinese border town near North Korea, tells CNN about the underground trade with North Korean soldiers
updated 2:54 AM EDT, Fri October 17, 2014
Yenn Wong got quite a surprise one morning earlier this month when she found out an exact copy of her Hong Kong restaurant had opened in China.
updated 11:15 PM EDT, Tue October 14, 2014
When I first came across a "virtual lover" service on e-commerce site Taobao, China's version of Amazon, I thought it was hype.
updated 9:15 AM EDT, Tue October 14, 2014
Each year Yi Jiefeng does what she can to stop China turning into a desert.
updated 10:54 AM EDT, Mon October 13, 2014
As its relationship with the West worsen, Russia is pivoting east in an attempt to secure business with China.
updated 10:29 PM EDT, Tue October 7, 2014
Aspiring Chinese comics performing in Shanghai's underground comedy scene hope to bring stand-up to the masses.
updated 12:54 PM EDT, Tue September 30, 2014
Liu Wen is one of the world's highest-paid models and the first Chinese face to crack the top five in Forbes' annual list of top earners.
updated 7:44 AM EDT, Fri October 3, 2014
Cunning wolf? Working class hero? Or bland Beijing loyalist? C.Y. Leung was a relative unknown when he came to power in 2012.
updated 7:25 AM EDT, Thu October 2, 2014
 A man uses his smartphone on July 16, 2014 in Tokyo, Japan. Only 53.5% of Japanese owned smartphones in March, according to a white paper released by the Ministry of Communications on July 15, 2014. The survey of a thousand participants each from Japan, the U.S., Britain, France, South Korea and Singapore, demonstrated that Japan had the fewest rate of the six; Singapore had the highest at 93.1%, followed by South Korea at 88.7%, UK at 80%, and France at 71.6%, and U.S. at 69.6% in the U.S. On the other hand, Japan had the highest percentage of regular mobile phone owners with 28.7%. (Photo by Atsushi Tomura/Getty Images)
App hopes to help those seeking a way out of China's overstrained public health system.
updated 8:20 PM EDT, Thu October 2, 2014
Yards from pro-democracy protests, stands the Hong Kong garrison of the People's Liberation Army (PLA), China's armed forces.
updated 7:23 AM EDT, Thu October 2, 2014
The massive street rallies that have swept Hong Kong present a major dilemma for China's leadership.
updated 3:07 AM EDT, Sat September 27, 2014
Chinese wine drinkers need to develop a taste for the cheap stuff, not just premium red wines like Lafite.
updated 9:09 PM EDT, Tue September 23, 2014
The Dalai Lama, Tibet's spiritual leader, set off a media kerfuffle this month when he spoke about his next reincarnation.
updated 10:18 AM EDT, Sun September 28, 2014
He's one of the fieriest political activists in Hong Kong — he's been called an "extremist" by China's state-run media — and he's not old enough to drive.
updated 10:57 PM EDT, Mon September 22, 2014
China has no wine-making tradition but the country now uncorks more bottles of red than any other.
updated 5:29 AM EDT, Tue September 16, 2014
Christians in eastern China keep watch in Wenzhou, where authorities have demolished churches and removed crosses.
updated 1:38 AM EDT, Wed September 10, 2014
Home-grown hip-hop appeals to a younger generation but its popularity has not translated into record deals and profits for budding rap artists.
ADVERTISEMENT