Unit 61398: A Chinese cyber espionage unit on the outskirts of Shanghai?

Graham Cluley
Graham Cluley
@[email protected]

Made in China. Image from ShutterstockSecurity researchers at Mandiant have published a lengthy report [PDF], which appears to track a notorious hacking gang right to the door of a building belonging to the People’s Liberation Army of China.

In its report, Mandiant says it believes it has traced a series of attacks back to the Pudong New Area on the outskirts of Shanghai, the same location as a 130,663 square foot PLA facility known as “Unit 61398”.

Unit 61398 staff are said to have been trained in computer security, and are required to be proficient in the English language.

The report has caught the attention of the world’s media, after the New York Times published a detailed story about the report earlier today.

New York Times report

It shouldn’t be forgotten, of course, that the New York Times itself was recently hacked, and pointed the finger of blame firmly in the direction of China.

As we’ve discussed before, attribution is the key problem in these stories. How can you prove that country X was behind an internet attack, rather than – say – a patriotic hacker working from his back bedroom, or a hijacked PC controlled by a hacker in a different country?

At the same time, we shouldn’t be naive. Countries around the world (not just the Chinese) are using the internet to spy on each other and gain advantage – whether it be political, financial or military.

Sign up to our free newsletter.
Security news, advice, and tips.

Mandiant has certainly put together a hefty report – and it’s well worth a read. Naturally, the Chinese government has debunked the claims.

Made in China image from Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.