View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. What Is
May 20, 2014updated 22 Sep 2016 11:27am

What is PLA Unit 61398 and who are the five Chinese hackers?

US indicts Chinese military cyber troops alleged to have stole industrial information.

By Ben Sullivan

US authorities have indicted five Chinese military officers with cyber espionage charges yesterday for allegedly targeting American companies and stealing information for commercial advantage.

In the country’s first ever hacking case brought against individuals working for the government, it is said that the hackers targeted nuclear power plants, metals and solar products industries to steal information for Chinese competitors.

Yesterday, US attorney general John Carlin said: "We allege that members of unit 61398 conspired to hack into computers of six US victims to steal information that would provide an economic advantage to the victims’ competitors, including Chinese state-owned enterprises."

The indictment referenced Chinese Army officers Gu Chunhui, Wang Dong, Sun Kailiang, Wen Xinyu, and Huang Zhenyu, The five men are members of a military arm called Unit 61398.

"In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court. Well today, we are," said Carlin.

China has responded the allegations, denying the charges and calling them "purely ungrounded and absurd."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"This U.S. move, which is based on fabricated facts, grossly violates the basic norms governing international relations and jeopardizes China-U.S. cooperation and mutual trust," said Foreign Ministry Spokesperson Qin Gang. "The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets.

"It is a fact known to all that relevant U.S. institutions have long been involved in large-scale and organized cyber theft as well as wiretapping and surveillance activities against foreign political leaders, companies and individuals," he said.

"China is a victim of severe U.S. cyber theft, wiretapping and surveillance activities."

However, Bob West, chief trust officer at US cloud security firm CipherCloud, said: "The US government is toughening up its language against nation-state and industrial cyber-espionage. We’re calling out the Chinese government for its role fostering theft of American intellectual property and doing it by naming specific hackers with military ties.

"The US government isn’t trying to provide the private sector with competitive advantage, which is clearly the case with China’s spying activities."

What is Unit 61398?


Photo: Reuters

Unit 61398 is a mysterious division of the Chinese military, and rumoured responsible for many cyber attacks against Western businesses.

The unit is housed in a 12-storey building near Shanghai, and is beloieved to be made up of thousands of cyber troops that follow command of the People’s Liberation Army.

Jen Weedon, threat intelligence manager at FireEye, a US cybersecurity firm, said that China is unique in that it uses its military to gain commercial advantages over foreign competitors.

"What makes Unit 61398 stand out is that it is operating under government orders but carrying out espionage for corporate reasons," she said.

Who are the alleged hackers?


Wang Dong, known by his online pseudonym Ugly Gorilla, has been active on Chinese military forums since 2004. In 2013, security firm Mandiant tracked an online user going by the name of UglyGorilla and traced his IP address to the Shanghai base of Unit 61398.

Wang is alleged to have controlled victims’ computers.


Sun Kailiang, who went by the name of Jack Sun, held the rank of captain during the early stages of the investigation, and was caught both sending malicious e-mails and controlling victim computers.


WinXYHappy, also known as Wen Zinyu, allegedly controlled victims’ computers.


Huang Zhenyu, going by the online persona of Hzy_lhx, was a computer programmer who managed the domain accounts of the other hackers in the group.


Gu Chunhui, aka KandyGoo, tested malicious e-mail messages and also managed the domain accounts used by the others.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.