Chinese PLA Unit 61398 indictments (2014)

From International cyber law: interactive toolkit
Date 19th May 2014
Suspected actor The U.S. Government identified five members of Unit 61398 of the Chinese People's Liberation Army (known to be the cyber-unit of the People's Liberation Army) as the authors of the hacking operation.
Target Networks and business data (such as trade secrets, internal communication data and other sensitive business information) of multiple large U.S. companies in the nuclear power, metals and solar products industries, such as Westinghouse Electric Co. (Westinghouse), U.S. subsidiaries of SolarWorld AG (SolarWorld) and United States Steel Corp. (U.S. Steel).
Method The individuals hacked into the computer networks of the targeted companies and stole a range of confidential information.

The group sent spearphishing e-mails to U.S. Steel employees, which led to the installation of malware on U.S. Steel computers. This enabled the group to steal hostnames and descriptions of U.S. Steel computers and to identify and exploit vulnerable servers on that list.

Purpose The operation was aimed at accessing the computers of the named companies and stealing their confidential business information, which could be useful to competing Chinese companies. The stolen information ranged from proprietary technical and design specifications for pipes and production line information costs to emails of senior employees containing future business and sensitive innovation strategies. Additionally, the hackers stole privileged attorney-client communications relating to ongoing trade litigation in order to manipulate the outcome of the trade dispute.
Aftermath In May 2014, the U.S. authorities publicly indicted five members of the hacking group for computer hacking and economic espionage directed at six U.S.[1] companies. More specifically, the indictment alleges that the group conspired to hack into the networks of U.S. companies in order to maintain unauthorized access to their computers and to steal confidential business information, which would then grant an advantage to Chinese competitor businesses.
Analysed in Scenario 09: Economic cyber espionage