
Comment Crew

aka: Comment Panda, PLA Unit 61398, APT 1, APT1, Advanced Persistent Threat 1, Byzantine Candor, Group 3, TG-8223, Comment Group, Brown Fox, GIF89a, ShadyRAT, Shanghai Group

PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks.


Associated Families
win.tabmsgsql win.goggles win.kurton win.bangat win.starsypound win.hacksfase win.glooxmail win.combos win.webc2_rave win.webc2_table win.bouncer win.manitsme win.webc2_kt3 win.webc2_greencat win.getmail win.webc2_adspace win.biscuit win.webc2_qbp win.webc2_head win.helauto win.seasalt win.cookiebag win.webc2_div win.newsreels win.dairy win.mapiget win.auriga win.webc2_ausov win.webc2_yahoo win.tarsip win.miniasp win.webc2_bolid win.webc2_ugx win.sword win.webc2_cson

References
2019 | Council on Foreign Relations | Cyber Operations Tracker
@online{tracker:2019:pla:33f5d12, author = {Cyber Operations Tracker}, title = {{PLA Unit 61398}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/pla-unit-61398}, language = {English}, urldate = {2019-12-20} } PLA Unit 61398
Comment Crew
2019 | MITRE | MITRE ATT&CK
@online{attck:2019:apt1:9f69f1f, author = {MITRE ATT&CK}, title = {{Group description: APT1}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0006/}, language = {English}, urldate = {2019-12-20} } Group description: APT1
Comment Crew
2018-10-18 | McAfee | Ryan Sherstobitoff, Asheer Malhotra
@techreport{sherstobitoff:20181018:operation:f7a178c, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group}}, date = {2018-10-18}, institution = {McAfee}, url = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf}, language = {English}, urldate = {2020-01-07} } ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group
Oceansalt Comment Crew
2018-10-17 | Raj Samani, Ryan Sherstobitoff
@online{samani:20181017:operation:0b1d8ce, author = {Raj Samani and Ryan Sherstobitoff}, title = {{‘Operation Oceansalt’ Delivers Wave After Wave}}, date = {2018-10-17}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/}, language = {English}, urldate = {2019-10-17} } ‘Operation Oceansalt’ Delivers Wave After Wave
Comment Crew
2018 | Mandiant | Mandiant
@techreport{mandiant:2018:apt1:b76cc4d, author = {Mandiant}, title = {{APT1}}, date = {2018}, institution = {Mandiant}, url = {https://github.com/securitykitten/malware_references/blob/master/Appendix%20C%20(Digital)%20-%20The%20Malware%20Arsenal.pdf}, language = {English}, urldate = {2020-01-13} } APT1
Auriga Biscuit Bouncer Combos CookieBag Dairy GetMail GlooxMail Goggles Hacksfase Helauto Kurton ManItsMe MAPIget MiniASP NewsReels SeaSalt StarsyPound Sword TabMsgSQL Tarsip WebC2-AdSpace WebC2-Ausov WebC2-Bolid WebC2-Cson WebC2-DIV WebC2-GreenCat WebC2-Head WebC2-Kt3 WebC2-Qbp WebC2-Rave WebC2-Table WebC2-UGX WebC2-Yahoo
2018 | FireEye | FireEye
@techreport{fireeye:2018:forrester:ae307d3, author = {FireEye}, title = {{The Forrester New Wave™: External Threat Intelligence Services, Q3 2018.}}, date = {2018}, institution = {FireEye}, url = {http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf}, language = {English}, urldate = {2020-01-08} } The Forrester New Wave™: External Threat Intelligence Services, Q3 2018.
Comment Crew
2014-05-19 | The New York Times | Michael S. Schmidt, David E. Sanger
@online{schmidt:20140519:5:fcd4c7c, author = {Michael S. Schmidt and David E. Sanger}, title = {{5 in China Army Face U.S. Charges of Cyberattacks}}, date = {2014-05-19}, organization = {The New York Times}, url = {https://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html}, language = {English}, urldate = {2020-01-13} } 5 in China Army Face U.S. Charges of Cyberattacks
Comment Crew
2014-03-12 | FireEye | Ned Moran, Mike Oppenheim
@online{moran:20140312:detailed:79efe09, author = {Ned Moran and Mike Oppenheim}, title = {{A Detailed Examination of the Siesta Campaign}}, date = {2014-03-12}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html}, language = {English}, urldate = {2019-12-20} } A Detailed Examination of the Siesta Campaign
Comment Crew Siesta
2014-03-06 | Trend Micro | Maharlito Aquino
@online{aquino:20140306:siesta:9a574bc, author = {Maharlito Aquino}, title = {{The Siesta Campaign: A New Targeted Attack Awakens}}, date = {2014-03-06}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/}, language = {English}, urldate = {2020-01-13} } The Siesta Campaign: A New Targeted Attack Awakens
Comment Crew
2013-02-20 | FireEye | Mandiant
@online{mandiant:20130220:1:7fa9646, author = {Mandiant}, title = {{APT 1 Malware Arsenal Technical Annex}}, date = {2013-02-20}, organization = {FireEye}, url = {https://www.slideshare.net/YuryChemerkin/appendix-c-digital-the-malware-arsenal}, language = {Mandiant}, urldate = {2020-01-08} } APT 1 Malware Arsenal Technical Annex
bangat
2013-02-19 | Wikipedia | Various
@online{various:20130219:pla:8419d10, author = {Various}, title = {{PLA Unit 61398}}, date = {2013-02-19}, organization = {Wikipedia}, url = {https://en.wikipedia.org/wiki/PLA_Unit_61398}, language = {English}, urldate = {2020-01-08} } PLA Unit 61398
Comment Crew
2013-02-19 | Symantec | Symantec Security Response
@online{response:20130219:apt1:08c1ae6, author = {Symantec Security Response}, title = {{APT1: Q&A on Attacks by the Comment Crew}}, date = {2013-02-19}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/apt1-qa-attacks-comment-crew}, language = {English}, urldate = {2019-12-18} } APT1: Q&A on Attacks by the Comment Crew
Comment Crew
2013-02-19 | FireEye | FireEye
@techreport{fireeye:20130219:apt1:8d8a51a, author = {FireEye}, title = {{APT1: Exposing One of China’s Cyber Espionage Units}}, date = {2013-02-19}, institution = {FireEye}, url = {https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf}, language = {English}, urldate = {2020-01-06} } APT1: Exposing One of China’s Cyber Espionage Units
Comment Crew
2013-02-19 | Symantec | A L Johnson
@online{johnson:20130219:apt1:ee9c94f, author = {A L Johnson}, title = {{APT1: Q&A on Attacks by the Comment Crew}}, date = {2013-02-19}, organization = {Symantec}, url = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f1265df5-6e5e-4fcc-9828-d4ddbbafd3d7&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments}, language = {English}, urldate = {2020-04-21} } APT1: Q&A on Attacks by the Comment Crew
Comment Crew

Credits: MISP Project