[Unit] 61398, The New Number of The Beast

Earlier Black Phoenix wrote about the problem with Mandiant attributing the Comment Crew hacking to the Chinese military. The recent media frenzy around yet another “China hacking” story focused on a supposedly shadowy PLA military unit in Shanghai, Unit 61398, as the “state actor” behind the cyber attacks. Their primary source, the Mandiant APT1 report, even cited the address of Unit 61398’s central office as 208 Datong Road in Gaochao, Pudong.

Only problem is 208 Datong Road is the address of a kindergarten run by the not-so-secret military unit, and is open to the public:

Star Baby review

– Here’s Star Baby, a preschool ratings site, giving Unit 61298 Preschool a favorable review:

http://www.starbaby.cn/jigou/1368-jieshao

– Here’s another preschool review site with photos of the potential “hackers”:

http://www.studyget.com/youeryuan/item-660.html

– No, this is not a picture of PLA hackers using children as human shields. The kindergarten was practicing emergency preparedness, probably in response to a school attack that occurred in China:

http://www.pudong-edu.sh.cn/web/pd/45322-450000032148.htm

Having never been to the place, I would concede the nursery school COULD be a front for China’s premier cyber espionage center – save for the fact that the school’s online registration information shows it is one of the schools in Pudong that accepts foreign families.

I hope cooler heads prevail. While it is reasonable to believe the Chinese probably are doing everything we’re doing, to pin this on the Chinese military requires more compelling evidence than a bunch of toddlers running around.