Mandiant said in a report that the group was a People's Liberation Army unit under cover A new report traces a large cybersecurity threat group to China’s People’s Liberation Army, specifically an unit that goes under the cover name “Unit 61398”.Security company Mandiant said in a report released Tuesday that an Advanced Persistent Threat group it called APT1 was one of the most persistent of China’s cyberthreat actors because of its likely government support.“In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources,” Mandiant said in its report. “PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.”Unit 61398 is said to be located in a 130,663 square-foot building on Datong Road in Gaoqiaozhen, in the Pudong New Area of Shanghai. The nature of the work of “Unit 61398” is considered by China to be a state secret, but Mandiant said it believes it engages in harmful computer network operations.The group has a sinister track record, according to Mandiant, as since 2006, it has observed APT1 compromise 141 companies spanning 20 major industries. 87 percent of the target companies are headquartered in countries where English is the native language, and are in industries that China has identified as strategic. APT1 uses tools that the security firm finds have not been used by other groups, including two tools for stealing emails called GETMAIL and MAPIGET. Once the group has established access, it periodically revisits the victim’s network over several months or years to steal a variety of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from the leadership of the victim organizations, Mandiant said.China’s Foreign Ministry said on Tuesday the nation is firmly opposed to hacking, and has supported regulation to prevent cyberattacks. The government has previously denied accusations that Chinese hackers attacked major newspapers.The country has also been the victim of hacking, with the number one origins for those attacks coming from the U.S., said ministry spokesman Hong Lei during a press conference.“Cyber attacks are transnational and anonymous. Its very hard to trace the origins of the attacks. I don’t know how this evidence in the relevant report is tenable,” he added.[With additional inputs from Michael Kan in Beijing] Related content opinion Preparing for the post-quantum cryptography environment today It’s a mistake to put off the creation of precautions against quantum threats, no matter how far in the future you might think quantum computing will become a reality. By Christopher Burgess Sep 26, 2023 5 mins CSO and CISO Encryption Threat and Vulnerability Management feature What is WorldCoin's proof-of-personhood system? What does the blockchain, AI, and custom hardware system featuring a shiny, eye-scanning orb mean for the future of identity access management? By Matthew Tyson Sep 26, 2023 12 mins Cryptocurrency Cryptocurrency Cryptocurrency news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Government Incident Response news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe