Article Lead Image

Second Chinese military hacker stronghold uncovered, report claims

The cold cyberwar between the U.S. and China is getting hotter.


Kevin Collier


Posted on Jun 10, 2014   Updated on May 31, 2021, 4:07 am CDT

A new cybersecurity report claims to have found a second Chinese army building as a source of attacks on U.S. corporations.

The 62-page report, published by cybersecurity firm Crowdstrike, claims that a building in Shanghai identified as PLA (People’s Liberation Army) 61486 is the source of scores of attacks, often on the aerospace, communications, and satellite industries. Many of those attacks, Crowdstrike claims, came through exploits of commonly used programs like Adobe Reader and Microsoft Office. The New York Times wrote Monday that it was able to verify the report’s claims, at least in part.

Crowdstrike’s claim follows a February 2013 report from cybersecurity firm Mandiant, which alleges that another Chinese military building in Shanghai, identified as PLA 61398, was also a major source of attacks on the U.S. China officials vehemently denied those reports at the time, citing the fact that hackers can easily hide their tracks, and in turn accused the U.S. of similar attacks.

On May 19, the U.S. Department of Justice took the unprecedented step of charging five members of the Chinese military for their alleged role in PLA 61398 attacks, and the FBI pushed the accused hackers to the top of its “Cyber’s Most Wanted” list of criminals. This is widely seen as a statement against alleged hacking, as China isn’t expected to extradite those five anytime soon.

Crowdstrike’s report went to far as to track down one of those alleged hackers by his email address to find a Picasa album believed to be his. Some photos show him in PLA clothing, and an album titled “Office” shows the inside and outside of building the firm believes to be Unit 61486.

Photo via Jeffrey Beall (CC BY SA 2.0) | Remix by Jason Reed

Share this article
*First Published: Jun 10, 2014, 2:09 pm CDT