Secretive Chinese Military Hacker Group May Be Attacking India

November 10, 2018 Updated: November 11, 2018

A unit of the Chinese military that has been linked to cyberattacks against U.S. private companies for economic espionage may now be targeting India’s national defense infrastructure.

The secretive Unit 61398 of the People’s Liberation Army in China may be involved in “geolocation intelligence collection, tracking information sources in cyberspace, interception, and deciphering of digital communication” in India, Indian news channel Zee News reported on Nov. 8, citing an unidentified Indian intelligence officer.

The Chinese hackers “attack industrial and government organizations of foreign countries and this is a cause of concern for us,” the officer said.

Chinese Military Unit

The unit is one of 22 known operations bureaus under the Third Department of the General Staff Department, also known as the warfighting branch of the Chinese military. The intelligence officer told Zee News that Unit 61398 is reportedly headquartered in the economic hub of Shanghai.

In February 2013, U.S. cybersecurity firm Mandiant released a report exposing Unit 61398 as the hackers behind a number of cyberoperations that targeted U.S. companies. The firm called the group APT1, using industry parlance for “advanced persistent threat,” a cyberattack that seeks not only to gain access to a server or system but to retain long-term, ongoing access.

In 2014, five hackers in the unit were indicted by U.S. federal authorities for computer hacking and economic espionage targeting U.S. nuclear- and solar-power companies.

In November 2017, U.S. prosecutors charged three Chinese nationals who were employees of Guangzhou Bo Yu Information Technology Company, a cybersecurity services firm with ties to Unit 61398, with computer hacking and theft of trade secrets. Siemens, Trimble, and Moody’s Analytics were among the companies that were allegedly hacked between 2011 and May 2017.

According to cybersecurity firm FireEye’s assessment, Unit 61398 has stolen hundreds of terabytes of data from at least 141 organizations around the world, targeting a wide range of industries, including the aerospace, transportation, health care, and financial services sectors.

“The group focuses on compromising organizations across a broad range of industries in English-speaking countries. The size of APT1’s infrastructure implies a large organization with at least dozens, but potentially hundreds, of human operators,” FireEye said.

Other Threats to India

FireEye had, in fact, issued a warning at the end of last year that Chinese state-backed hackers would likely shift their focus in 2018 to countries, such as India, that Beijing considers a threat to its growing influence in the global market.

Hacker groups will likely target Indian companies for espionage. “For Indian enterprises, one of the most important security questions is, do you know who is targeting you and how they operate? The threat landscape looks very different depending on the nature of your business, the data you hold, your relationships, and more,” said Shrikant Shitole, senior director and country head for India at FireEye, in an interview with Indo-Asian News Service, an Indian news agency.

As for national defense-related hacking, in April 2010, a Chinese hacker group called “Shadow Network” tapped into top-secret files at the Indian Defense Ministry, as well as embassies around the world. Among the compromised files was information relating to India’s weapons systems.

Follow Annie on Twitter: @annieeenyc