# PLA Unit 61398

**en.wikipedia.org/wiki/PLA_Unit_61398**
Contributors to Wikimedia projects

**People's Liberation Army Unit 61398** (61398部队)

- **Country:** [People's Republic of China](https://en.wikipedia.org/wiki/China)
- **Branch:** People's Liberation Army Strategic Support Force
- **Type:** [Cyber force](https://en.wikipedia.org/wiki/Cyber_force)
- **Role:** [Cyber warfare](https://en.wikipedia.org/wiki/Cyberwarfare_in_China), [Electronic warfare](https://en.wikipedia.org/wiki/Electronic_warfare)
- **Garrison/HQ:** Tonggang Road, [Pudong](https://en.wikipedia.org/wiki/Pudong), [Shanghai](https://en.wikipedia.org/wiki/Shanghai)
- **Nickname(s):** APT 1, Comment Crew, Comment Panda, GIF89a, Byzantine Candor, Group 3, Threat Group 8223
- **Engagements:** [Operation GhostNet](https://en.wikipedia.org/wiki/GhostNet), [Operation Aurat](https://en.wikipedia.org/w/index.php?title=Operation_Aurat&action=edit&redlink=1), [Operation Shady RAT](https://en.wikipedia.org/wiki/Operation_Shady_RAT)

**PLA Unit 61398** (also known as **APT 1**, **Comment Crew**, **Comment Panda**, **GIF89a**, and **Byzantine Candor**) ([Chinese](https://en.wikipedia.org/wiki/Chinese_language): 61398部队, [Pinyin](https://en.wikipedia.org/wiki/Pinyin): 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a [People's Liberation Army](https://en.wikipedia.org/wiki/People%27s_Liberation_Army) [advanced persistent threat](https://en.wikipedia.org/wiki/Advanced_persistent_threat) unit that has been alleged to be a source of Chinese computer [hacking](https://en.wikipedia.org/wiki/Hacker_(computer_security)) attacks.[2][3] The unit is stationed in [Pudong](https://en.wikipedia.org/wiki/Pudong), [Shanghai](https://en.wikipedia.org/wiki/Shanghai).[4]

## History

From left, Chinese military officers Gu Chunhui, Huang Zhenyu, Sun Kailiang, Wang Dong, and Wen Xinyu indicted on cyber espionage charges.

See also: [Chinese information operations and information warfare](https://en.wikipedia.org/wiki/Chinese_information_operations_and_information_warfare)

### 2014 indictment

On 19 May 2014, the [US Department of Justice](https://en.wikipedia.org/wiki/US_Department_of_Justice) announced that a Federal grand jury had returned an indictment of five 61398 officers on charges of theft of confidential business information and intellectual property from U.S. commercial firms and of planting [malware](https://en.wikipedia.org/wiki/Malware) on their computers.[5][6] The five are Huang Zhenyu (黄振宇), Wen Xinyu (文新宇), Sun Kailiang (孙凯亮), Gu Chunhui (顾春晖), and Wang Dong (王东). Forensic evidence traces the base of operations to a 12-story building off Datong Road in a public, mixed-use area of [Pudong](https://en.wikipedia.org/wiki/Pudong) in Shanghai.[2] The group is also known by various other names including "Advanced Persistent Threat 1" ("APT1"), "the Comment group" and "Byzantine Candor", a codename given by US intelligence agencies since 2002.[7][8][9][10]

A report by the [computer security](https://en.wikipedia.org/wiki/Computer_security) firm [Mandiant](https://en.wikipedia.org/wiki/Mandiant) stated that PLA Unit 61398 is believed to operate under the 2nd Bureau of the [People's Liberation Army General Staff Department](https://en.wikipedia.org/wiki/People%27s_Liberation_Army_General_Staff_Department) (GSD) [Third Department](https://en.wikipedia.org/wiki/People%27s_Liberation_Army#Third_Department) (总参三部二局)[1] and that there is evidence that it contains, or is itself, an entity Mandiant calls [APT1](https://en.wikipedia.org/wiki/APT1), part of the advanced persistent threat that has attacked a broad range of corporations and government entities around the world since at least 2006. APT1 is described as comprising four large networks in Shanghai, two of which serve the Pudong New Area.
It is one of more than 20 APT groups with origins in China.[1][11] The Third and [Fourth Department](https://en.wikipedia.org/wiki/People%27s_Liberation_Army#Fourth_Department), responsible for electronic warfare, are believed to comprise the PLA units mainly responsible for infiltrating and manipulating computer networks.[12]

The group often compromises internal software "comment" features on legitimate web pages to infiltrate target computers that access the sites, leading it to be known as "the Comment Crew" or "Comment Group".[13][14] Over the course of seven years, the collective has stolen [trade secrets](https://en.wikipedia.org/wiki/Trade_secret) and other confidential information from numerous foreign businesses and organizations, such as [Lockheed Martin](https://en.wikipedia.org/wiki/Lockheed_Martin), [Telvent](https://en.wikipedia.org/wiki/Telvent), and other companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors.[8]

[Dell SecureWorks](https://en.wikipedia.org/wiki/Dell_SecureWorks) says it believes the group includes the same group of attackers behind [Operation Shady RAT](https://en.wikipedia.org/wiki/Operation_Shady_RAT), an extensive computer espionage campaign uncovered in 2011 in which more than 70 organizations, including the United Nations and government agencies in the United States, Canada, [South Korea](https://en.wikipedia.org/wiki/South_Korea), Taiwan and Vietnam, were targeted over a five-year period.[2]

The attacks documented in the summer of 2011 represent a fragment of the Comment group's attacks, which go back at least to 2002, according to incident reports and investigators. [FireEye, Inc.](https://en.wikipedia.org/wiki/FireEye,_Inc.) alone has tracked hundreds of targets in the last three years and estimates the group has attacked more than 1,000 organizations.[9]

Most activity between [malware](https://en.wikipedia.org/wiki/Malware) embedded in a compromised system and the malware's controllers takes place during business hours in Beijing's time zone, suggesting that the group is professionally hired, rather than private hackers inspired by patriotic passions.[12]

## Public position of the Chinese government

Until 2013, the [Government of China](https://en.wikipedia.org/wiki/Government_of_China) had consistently denied that it is involved in hacking.[15] In response to the [Mandiant](https://en.wikipedia.org/wiki/Mandiant) Corporation report about Unit 61398, Hong Lei, a spokesperson for the [Chinese foreign ministry](https://en.wikipedia.org/wiki/Ministry_of_Foreign_Affairs_of_the_People%27s_Republic_of_China), said such allegations were "unprofessional".[15][16]

In 2013, China changed its position and openly admitted to having secretive cyber warfare units in both the military and the civilian part of the government – however, the details of their activities were left to speculation.[17] As a show of force towards the rest of the global community, the Chinese government now openly lists its abilities when it comes to digital spying and network attack capabilities.[18]

## Cultural references

In the 2022 cyber thriller Rise of the Water Margin, which is a 21st century adaptation of the classic [Water Margin](https://en.wikipedia.org/wiki/Water_Margin), Unit 61398 is commanded by Lin Chong. His team infiltrates semiconductor [EDA tools](https://en.wikipedia.org/wiki/EDA_tool) in order to embed a back door into semiconductors.

## See also

- [Titan Rain](https://en.wikipedia.org/wiki/Titan_Rain)
- [Chinese espionage in the United States](https://en.wikipedia.org/wiki/Chinese_espionage_in_the_United_States)
- [National Security Agency of the United States](https://en.wikipedia.org/wiki/National_Security_Agency)
- [PLA Unit 61486](https://en.wikipedia.org/wiki/PLA_Unit_61486)
- [Signals intelligence](https://en.wikipedia.org/wiki/Signals_intelligence)
- [Tailored Access Operations of the United States](https://en.wikipedia.org/wiki/Tailored_Access_Operations)
- [Mandiant](https://en.wikipedia.org/wiki/Mandiant)
- [FireEye](https://en.wikipedia.org/wiki/FireEye)

## References

1. ["APT1: Exposing One of China's Cyber Espionage Units"](http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf) (PDF). Mandiant. [Archived](https://web.archive.org/web/20130219155150/http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf) (PDF) from the original on 19 February 2013. Retrieved 19 February 2013.
2. David E. Sanger, David Barboza and Nicole Perlroth (18 February 2013). ["Chinese Army Unit Is Seen as Tied to Hacking Against U.S."](https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&) [New York Times](https://en.wikipedia.org/wiki/New_York_Times). [Archived](https://web.archive.org/web/20130222084011/http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&) from the original on 22 February 2013. Retrieved 19 February 2013.
3. ["Chinese military unit behind 'prolific and sustained hacking'"](https://www.theguardian.com/world/2013/feb/19/chinese-military-unit-prolific-hacking). The Guardian. 19 February 2013. [Archived](https://web.archive.org/web/20131220122401/http://www.theguardian.com/world/2013/feb/19/chinese-military-unit-prolific-hacking) from the original on 20 December 2013. Retrieved 19 February 2013.
4. ["中国人民解放军61398部队招收定向研究生的通知"](https://web.archive.org/web/20161202172240/http://www.cs.zju.edu.cn/chinese/redir.php?catalog_id=101913&object_id=106021) [A notification of PLA Unit 61398 to recruit postgraduate students as PLA-funded scholarship student.]. Zhejiang University. 13 May 2004. Archived from [the original](http://www.cs.zju.edu.cn/chinese/redir.php?catalog_id=101913&object_id=106021) on 2 December 2016. Retrieved 5 January 2019.
5. Finkle, J., Menn, J., Viswanatha, J. U.S. accuses China of cyber spying on American companies. [Archived](https://web.archive.org/web/20170412015738/http://www.reuters.com/article/us-cybercrime-usa-china-idUSKCN0J42M520141120) 12 April 2017 at the Wayback Machine. Reuters, 20 Nov 2014.
6. Clayton, M. [US indicts five in China's secret 'Unit 61398' for cyber-spying.](http://www.csmonitor.com/World/Security-Watch/Cyber-Conflict-Monitor/2014/0519/US-indicts-five-in-China-s-secret-Unit-61398-for-cyber-spying-on-US-firms) [Archived](https://web.archive.org/web/20140520075207/http://www.csmonitor.com/World/Security-Watch/Cyber-Conflict-Monitor/2014/0519/US-indicts-five-in-China-s-secret-Unit-61398-for-cyber-spying-on-US-firms) 20 May 2014 at the [Wayback Machine](https://en.wikipedia.org/wiki/Wayback_Machine). Christian Science Monitor, 19 May 2014.
7. David Perera (6 December 2010). "Chinese attacks 'Byzantine Candor' penetrated federal agencies, says leaked cable". fiercegovernmentit.com. Fierce Government IT. [Archived](https://web.archive.org/web/20160419054340/http://www.fiercegovernmentit.com/story/chinese-attacks-byzantine-candor-penetrated-federal-agencies-says-leaked-ca/2010-12-06) from the original on 19 April 2016.
8. Clayton, Mark (14 September 2012). "Stealing US business secrets: Experts ID two huge cyber 'gangs' in China". [CSMonitor](https://en.wikipedia.org/wiki/CSMonitor). [Archived](https://web.archive.org/web/20191115165311/https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China) from the original on 15 November 2019. Retrieved 24 February 2013.
9. Riley, Michael; Dune Lawrence (26 July 2012). "Hackers Linked to China's Army Seen From EU to D.C." Bloomberg.com. [Bloomberg](https://en.wikipedia.org/wiki/Bloomberg_L.P.). [Archived](https://web.archive.org/web/20150111064254/http://www.bloomberg.com/news/2012-07-26/china-hackers-hit-eu-point-man-and-d-c-with-byzantine-candor.html) from the original on 11 January 2015. Retrieved 24 February 2013.
10. Michael Riley; Dune Lawrence (2 August 2012). "China's Comment Group Hacks Europe—and the World". [Bloomberg Businessweek](https://en.wikipedia.org/wiki/Bloomberg_Businessweek). [Archived](https://web.archive.org/web/20130219064600/http://www.businessweek.com/articles/2012-08-02/chinas-comment-group-hacks-europe-and-the-world) from the original on 19 February 2013. Retrieved 12 February 2013.
11. Joe Weisenthal and Geoffrey Ingersoll (18 February 2013). ["REPORT: An Overwhelming Number Of The Cyber-Attacks On America Are Coming From This Particular Army Building In China"](http://www.businessinsider.com/china-hacking-pla-unit-61398-2013-2). Business Insider. [Archived](https://web.archive.org/web/20130220095914/http://www.businessinsider.com/china-hacking-pla-unit-61398-2013-2) from the original on 20 February 2013. Retrieved 19 February 2013.
12. Bodeen, Christopher (25 February 2013). "Sign That Chinese Hackers Have Become Professional: They Take Weekends Off". [The Huffington Post](https://en.wikipedia.org/wiki/The_Huffington_Post). [Archived](https://web.archive.org/web/20130226184036/http://www.huffingtonpost.com/2013/02/25/chinese-hackers_n_2756914.html) from the original on 26 February 2013. Retrieved 27 February 2013.
13. Martin, Adam (19 February 2013). "Meet 'Comment Crew,' China's Military-Linked Hackers". [NYMag.com](https://en.wikipedia.org/wiki/New_York_(magazine)). [New York Media](https://en.wikipedia.org/wiki/New_York_Media). [Archived](https://web.archive.org/web/20130222070617/http://nymag.com/daily/intelligencer/2013/02/meet-comment-crew-chinas-military-hackers.html) from the original on 22 February 2013. Retrieved 24 February 2013.
14. Dave Lee (12 February 2013). "The Comment Group: The hackers hunting for clues about you". BBC News. [Archived](https://web.archive.org/web/20130212155404/http://www.bbc.co.uk/news/business-21371608) from the original on 12 February 2013. Retrieved 12 February 2013.
15. Xu, Weiwei (20 February 2013). ["China denies hacking claims"](http://www.morningwhistle.com/html/2013/PoliticsSociety_0220/217214.html). Morning Whistle. [Archived](https://archive.today/20130629220425/http://www.morningwhistle.com/html/2013/PoliticsSociety_0220/217214.html) from the original on 29 June 2013. Retrieved 8 April 2013.
16. ["Hello, Unit 61398"](https://www.economist.com/blogs/analects/2013/02/chinese-cyber-attacks?spc=scode&spv=xm&ah=9d7f7ab945510a56fa6d37c30b6f1709). The Economist. 19 February 2013. [Archived](https://web.archive.org/web/20130305062734/http://www.economist.com/blogs/analects/2013/02/chinese-cyber-attacks?spc=scode&spv=xm&ah=9d7f7ab945510a56fa6d37c30b6f1709) from the original on 5 March 2013. Retrieved 5 March 2013.
17. ["China Finally Admits focusing on Cyber Warfare"](http://www.ucsusa.org/sites/default/files/attach/2015/03/chinese-nuclear-strategy-full-report.pdf) (PDF). 19 March 2015. Archived (PDF) from the original on 29 August 2017. Retrieved 13 September 2017.
18. BBC (7 May 2013). ["US accuses China government and military of cyber-spying"](https://www.bbc.com/news/world-asia-china-22430224). BBC News. [Archived](https://web.archive.org/web/20190115192443/https://www.bbc.com/news/world-asia-china-22430224) from the original on 15 January 2019. Retrieved 15 January 2019.
[Coordinates](https://en.wikipedia.org/wiki/Geographic_coordinate_system): [31°20′57.43″N 121°34′24.74″E](https://geohack.toolforge.org/geohack.php?pagename=PLA_Unit_61398&params=31_20_57.43_N_121_34_24.74_E_region:CN_type:landmark_source:MandiantReportPage12)