What's happened since Beijing's hacker unit was exposed? Nothing

Snowden gets PLA 61398 off the hook, but it's now hacking harder than ever

Chinese hacker unit PLA 61398 is hacking US companies harder than ever after bilateral talks between Beijing and Washington were interrupted by Snowden leaks, according to Mandiant boss Kevin Mandia.

The hack squad, also known as APT1, was subject to a high-profile exposure by the company in February last year. Its state-sponsored members were revealed to have leeched hundreds of terabytes of data from hacked US companies from a Shanghai office block surrounded by restaurants and massage parlours.

Western media coverage of the hacks was plentiful, prompting US President Barack Obama to state on TV that the US was engaged in "tough talks" with China over state-sponsored attacks, and a US bill to be signed banning US Government agencies from acquiring Chinese state-owned technology.

But those talks had no effect, chief executive Kevin Mandia says.

"Seven years of history, 141 victim companies, a tonne of evidence, and we published," Mandia said. "Fast forward a year later, and here's what happened: Nothing."

However, he said a tense phone call between the White House and Beijing was dampened after the first of a series of NSA spying revelations was published by document dropper Edward Snowden.

"We didn't have the impact we wanted to have," Mandia told delegates at the MIRCon conference in Washington DC today. "We thought with a little exposure we could change the rules of engagement - maybe we'll (the US) have a bilateral discussion with China and Russia, as nation states and come up with rules of engagement for how we will compromise each other."

He said governments should pop each other only for security reasons and not to gain private sector advantage.

Instead, Mandia said the group went offline for 41 days and has now returned, hacking the US private sector harder than ever.

Not all state-sponsored groups were so professional. In 2013, Iranian hackers broke into an unnamed company and "RARed C:/", taking 6TB of data of which 5.5TB was operating system files.

"Yeah, gimme mouse pointers, all 2000 of em," Mandia said.

They have since improved, along with financially driven hackers who were for the first time seemingly untraceable, having deployed 100 percent solid operational security, he said. ®

Darren Pauli travelled to Washington DC as a guest of FireEye.
