Chinese PLA Unit 61398 indictments (2014)
|Date||19th May 2014|
|Suspected actor||The U.S. Government identified five members of Unit 61398 of the Chinese People's Liberation Army (known to be the cyber-unit of the People's Liberation Army) as the authors of the hacking operation.|
|Target||Networks and business data (such as trade secrets, internal communication data and other sensitive business information) of multiple large U.S. companies in the nuclear power, metals and solar products industries, such as Westinghouse Electric Co. (Westinghouse), U.S. subsidiaries of SolarWorld AG (SolarWorld) and United States Steel Corp. (U.S. Steel).|
|Method||The individuals hacked into the computer networks of the targeted companies and stole a range of confidential information.
The group sent spearphishing e-mails to U.S. Steel employees, which led to the installation of malware on U.S. Steel computers. This enabled the group to steal hostnames and descriptions of U.S. Steel computers and to identify and exploit vulnerable servers on that list.|
|Purpose||The operation was aimed at accessing the computers of the named companies and stealing their confidential business information, which could be useful to competing Chinese companies. The stolen information ranged from proprietary technical and design specifications for pipes and production line information costs to emails of senior employees containing future business and sensitive innovation strategies. Additionally, the hackers stole privileged attorney-client communications relating to ongoing trade litigation in order to manipulate the outcome of the trade dispute.|
|Aftermath||In May 2014, the U.S. authorities publicly indicted five members of the hacking group for computer hacking and economic espionage directed at six U.S. companies. More specifically, the indictment alleges that the group conspired to hack into the networks of U.S. companies in order to maintain unauthorized access to their computers and to steal confidential business information, which would then grant an advantage to competing Chinese businesses.|
|Analysed in||Scenario 09: Economic cyber espionage|