Shanghai is a vibrant city in China, and it could also be the home of Unit 61398, a group linked to attacks on various Western entities and businesses, including Coca-Cola. A long paper trail could have traced the group to a 12-story office block on Datong Road, on the outskirts of the populous city.
American intelligence officials say they’ve tapped into the unit’s activities for years and there’s not much doubt this building is where that activity originates. It’s a 12-story office tower on the outskirts of Shanghai, like one you’d find anywhere else in the world.
The hackers are sometimes referred to as the Comment Crew or the Shanghai Group, and it has long been suspected that they are state-funded. A particularly strong argument is that they are operated by army officers or contractors.
Unlike many smaller groups, the Shanghai Group does not hit absolutely everything it can. Since 2006, roughly 140 cases of its work have been documented.
Unsurprisingly, the Chinese Ministry of Foreign Affairs called the allegations “unprofessional.” The government has plans for a more aggressive defense in motion, and they will not publicly link the groups and the People's Liberation Army together.
Unit 61398 is one of the most elusive groups in the Chinese army. Formally referred to as the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department, documentation of the group is lacking.
The evidence collected so far has been enough to identify two names: “UglyGorilla” and “DOTA.” The operators behind these two names have been responsible for spreading malware that would soften things up and let the group really wreak havoc. It was this trick that helped in attacking Coca-Cola; malware in an email gave them an entry point to the network. DOTA was found to frequently rely on a password based on his unit’s designation – as always, the weakest link in the chain is human.
Hacking isn’t easy, and contrary to what Hollywood shows you, it isn’t always about green monospace text shooting across the screen. Mandiant, the security firm responsible for most of this research, has somehow managed to record footage of DOTA working his magic.
The video itself provides a fascinating glimpse into what these groups do and how they do it.