What we know about the Chinese army's alleged cyber spying unit

By Zoe Li, CNN
updated 5:11 AM EDT, Tue May 20, 2014
STORY HIGHLIGHTS
  • Shadowy PLA unit coded as 61398 could be responsible for cyber espionage
  • U.S.-based security firm Mandiant studied hacking activity originating from China over a six-year period
  • Mandiant says it has details on the what, where, who, and how of unit 61398
  • Chinese authorities deny any connection between the military and cyber espionage

(CNN) -- "UglyGorilla," "KandyGoo," and "WinXYHappy" are some of the aliases used by the Chinese men accused on Monday of hacking U.S. companies.

The men behind these handles are officers of the People's Liberation Army (PLA) under a unit known simply by the code 61398.

Little is confirmed about the mysterious unit 61398, a section that the Chinese authorities have not officially acknowledged. The Chinese defense ministry said the country's military "has never supported any hacker activities."

But the U.S. indictment notice pinpoints a nondescript building on Datong Road in Shanghai's Pudong District as one of the locations for unit 61398's alleged cyber espionage activities.

The Shanghai building allegedly home to a part of the PLA's unit 61398.

When CNN tried to visit the building last year, our correspondents were chased away by security guards, as seen in the video above.

What is unit 61398 and what do they do? U.S.-based Internet security firm Mandiant released a 60-page report last year detailing allegations against the shadowy unit over a six-year period.

According to Mandiant's document and the U.S. indictment, here's what we know about the secret division.

Capable

Mandiant says unit 61398 is also known as the "comment crew," and has systematically stolen hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since as early as 2006.

Large

Mandiant estimates that more than 1,000 servers are being used by unit 61398.

The security firm believes the unit employs anywhere from hundreds to thousands of staff. A look at the physical size of the building in Shanghai -- 12 floors high, with more than 130,000 square feet of space -- suggests the unit could house around 2,000 people.

Focused

Mandiant observed 141 companies targeted by unit 61398, of which 115 were in the United States. These were blue-chip companies in important industries such as aerospace, satellite and telecommunications, and information technology -- strategic industries that were identified in China's five-year plan for 2011 to 2015.

"It's really a who's who of American companies," says Grady Summers, Mandiant's vice president.

Some of the alleged victims included in the latest indictment are U.S. Steel Corp., Westinghouse, Alcoa, Allegheny Technologies, the United Steel Workers Union and SolarWorld.

Well-supported

Unit 61398 was given a special fiber optic communication infrastructure by state-owned enterprise China Telecom in the name of national defense, Mandiant reported.

Tricky

The accused Chinese hackers reportedly use spear-phishing to hack into companies. The simple trick makes scam emails appear as though they come from someone the receiver actually knows. For example, the emails would be personally addressed and signed by another employee in the same company.

Spear-phishers may scan social media to find out personal details about a victim to make the scam emails seem legitimate.

Tip of the iceberg

Unit 61398 is just one of more than 20 cyber attack groups with origins in China, says Mandiant.
