Shanghai could be home to secretive Chinese hackers

Shanghai is a vibrant city in China, and it could also be the home of Unit 61398, a group linked to attacks on various western entities and businesses, including Coca-Cola. A long paper trail may have traced the group to a 12-story office block on Datong Road, on the outskirts of the populous city.

American intelligence officials say they’ve tapped into the unit’s activities for years and there’s not much doubt this building is where it comes from. It’s a 12-story office tower on the outskirts of Shanghai, like you’d find anywhere else in the world.

The hackers are sometimes referred to as the Comment Crew or the Shanghai Group, and they have long been suspected of being state funded. A particularly strong argument is that the group is run by army officers or contractors.

Unlike many smaller groups, the Shanghai Group does not hit every target it can. Since 2006, roughly 140 cases of its work have been documented.

Unsurprisingly, the Chinese Ministry of Foreign Affairs called the allegations “unprofessional.” The government has a more aggressive defense in motion, and it will not publicly link the group to the People's Liberation Army.

Unit 61398 is one of the most elusive groups in the Chinese army. Formally referred to as the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department, documentation of the group is lacking.

The amount of evidence collected so far has been enough to identify two names: “UglyGorilla” and “DOTA.” These two operators have been responsible for spreading malware that softens up a target and lets them really wreak havoc. It was this trick that helped in attacking Coca-Cola; malware in an email gave them an entry point to the network. DOTA was found to frequently rely on a password based on his unit’s designation – as always, the weakest link in the chain is human.

Hacking isn’t easy, and contrary to what Hollywood shows you, it isn’t always about green monospace text shooting across the screen. Mandiant, the security firm responsible for most of this research, has somehow managed to record footage of DOTA working his magic.

The video itself provides a fascinating glimpse into what these groups do and how they do it.

Source: New York Times and Washington Post | Image via Shutterstock


World's biggest city is Tokyo, not Shanghai
World's biggest metropolitan area is Pearl River Delta - Foshan, Guangzhou, Dongguan, Shenzhen, Hong Kong, etc

Hmm .. this office will be staffed with cute Chinese girls wearing bits of PLA uniforms ... I'm off to arrange an inspection !

Terry Nuz said,
what china makes is sh.t

Indeed, I wouldn't buy an iPhone if you paid me.....
By the way, are your comments made in China too?

lol @ the obvious headline.

In other news, Tel Aviv could be home to secretive Israeli hackers, Tehran could be home to secretive Iranian hackers, Cairo could be home to secretive Egyptian hackers, and St. Petersburg could be home to secretive Russian hackers... etc.

this is why doing business with china is doing business with the devil.
step 1) china offers its manufacturing help
step 2) china hacks your country's economic engine and steals all the IP
step 3) china takes your country's ip and re-sells it as their own or uses it against you
step 4) china moves on once your country is bankrupt to the next foolish country

Fritzly said,
You forgot that it is China that keeps funding the US public debt.....

China only holds 8% of the US's public debt.... the majority of it is owned by the US Gov, Social Security, Treasury, retirement accounts, and the rest is owned by investors (non-government) and then foreign govs... of which China is only 8% of the total debt owned

Only? China is the largest foreign creditor with 1.2 trillion; the third largest creditor after Social Security Trust Fund and Federal Reserve.
BTW foreign governments own 46% of US debt.

Our government's too busy violating everyone else to care about how national defense should be protecting private companies at home. Sickening.

Snake89 said,
No such thing as a secure OS when it's connected to the internet. Some systems are just a lot easier to gain access to than others.

The best security software of all is called "Common Sense".

Fair enough, but for a security firm not using the latest OS, or even hackers for that matter... is kinda stupid in my view.
There is a huge difference in security between XP and 8, no matter how many security tools you install

Snake89 said,

If you really think about it, the newest version has more security flaws in it than older versions.

A lot of holes in Windows 8 are just waiting to be found; at least in older versions you know a lot of them are patched up.

Windows 8 is a continued development of Windows XP, yes the more that gets added to the OS, the more possible holes there will be. But it's basically the same OS, just a newer version.
But Windows 8 has a lot of changes under the hood that make Windows 8 a lot more secure without 3rd party help than Windows XP with 3rd party help.

Even simple things like ASLR