Chinese Army's Unit 61398 Hacking Group Back in Action

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?List=7c996cd7-cbb4-4018-baf8-8825eada7aa2&ID=1145&RootFolder=%2Fblog%2FLists%2FPosts

By Yasmin Tadjdeh

An infamous hacking group affiliated with China's military that was exposed in February has quietly returned after laying low for several months, said an expert with the consulting firm that outed it.

Mandiant released a report that pinned numerous cyber-intrusions on Unit 61398 of China's People Liberation Army. The unit, which is based in Shanghai, curtailed its activities after the report's initial release, said Richard Bejtlich, the firm's chief security officer, but it has recently begun to pick up where it left off.

"The group itself went quiet for a while. They changed the nature of their activities [and] they removed some of the tools they had been using inside different companies. But over the course of the last several weeks, it seems like they are starting to come back and ramp up," Bejtlich said May 15 at the Center for National Policy, a Washington, D.C.-based think tank.

Unit 61398 has been linked to the theft of huge amounts of intellectual property throughout the world, according to the Mandiant report. It has stolen hundreds of terabytes of data from at least 141 organizations, with the majority of them based in English-speaking countries. It is possible that the unit employs hundreds of operators, the report said.

Besides Unit 61398, Mandiant is monitoring 23 other known hacker groups throughout the world. While he could not say exactly how much data has been stolen, he said it is enormous.

But the threat isn't just in lost data, Bejtlich said. If a group can infiltrate a network to steal data, it can also destroy that network.

"Whenever you hear someone say, 'Don't worry, it's just espionage.' [It's important to realize that] espionage easily can escalate to destruction. It's just the prerogative of the intruder," said Bejtlich.

Another issue Betjlich highlighted was the corruption of data, which he called a "middle ground" between espionage and destruction.

"In some ways it's the toughest one to identify because most companies don't necessarily know what the data should be," he said.

Several cyber security bills were introduced into Congress during the 112th session, but none came to fruition. Earlier this year, President Barack Obama announced an executive order which asked in part for an expansion of the Defense Industrial Base Information Sharing Program, which alerts the Defense Department to attacks on participating companies' software.
While Bejtlich called on Congress to pass legislation, he also said solutions could be found by countries working together. Better communication between nations, and firmer regulations and rules could help alleviate some cyber-attacks. Even a pact between just a handful of countries would be beneficial if it could evolve beyond only talking, Bejtlich said.

"I think government-to-government discussions are necessary, but they will not be sufficient. I think we will ultimately be disappointed if it's simply a discussion," said Bejtlich.

The United States, United Kingdom, Canada, Australia, New Zealand and Israel are the top countries in the world when it comes to cyberdefense, said Bejtlich. Japan and South Korea are also beefing up their defensive capabilities in light of more frequent attacks, he said.
Photo Credit: Thinkstock