• search

Amidst heightened tensions, why India should be wary of China’s Comment crew

New Delhi, Aug 04: Security agencies have raised an alert following intelligence inputs of Chinese spying being upped.

India-China talks: There is a silver lining, but issues persist

There have been several attempts in the past couple of months where hackers backed by the Peoples Liberation Army have tried to access sensitive information from India. There are attempts to carry out a cyber espionage, an Intelligence Bureau official told OneIndia.

Amidst heightened tensions, why India should be weary of China’s Comment crew

The IB further added that the cyber espionage wing known as 61398 headquartered in Shanghai has upped its activities in a big way. It may be recalled that in 2014, five PLA officials were charged by the United States for espionage and they too were part of the same unit.

China doubled air bases and heliports near LAC in three years: Report

When the US probed the case, it was found that some of the aliases that the PLA used were KandyGoo, WinXYHappy and UglyGorilla. While there is enough evidence to show that this unit is very much of the PLA, the Chinese have maintained that it never supports hackers.

Comment crew:

According to Mandiant Unit 61398 is also known as Comment crew. It has stolen several terabytes of data from at least 141 organisations across 20 industries and 141 organisations. There are nearly 1,000 servers that this unit uses.


Mandiant estimated that this unit has at least 1,000 staff. The building that houses this unit in Shanghai has 12 floors and is 130,000 square feet. An estimate suggested that this building can house at least 2,000 people in it.

Support and focus:

It was observed that the companies targeted by Unit 61398 were blue chip companies in several important industries such as satellite, aerospace, information-technology, strategic industries and telecommunications.

It was also noticed that the unit has a special fibre optic communication infrastructure, which is owned by the state owned, China Telecom in the name of national defence.

Mandiant also said that Unit 61392 is just one of the more than 20 cyber attack groups which have their origins in China.

The pattern:

The hackers part of this unit use spear phishing to hack into companies. They use scam emails appear like they are from someone the receiver actually knows. The emails would be personally addressed and signed by another employer in the same company.

The spear phishers would scan a persons profile on the social media to find out more details and then make the scam email seem legitimate in nature.

High alert:

Amidst the heightened tensions with China, the Indian agencies have said that they could use this unit to target critical infrastructure. India has always been on guard against Chinese hackers as they have many times in the past tried to gain critical information.

However this time, the guard has been raised higher as there has been immense activity as a result of which the Indian agencies believe that the Chinese may be using Unit 61398 or Comment crew.

For Daily Alerts
Related News
Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Settings X