From left, Chinese military officers Gu Chunhui, Huang Zhenyu, Sun Kailiang, Wang Dong, and Wen Xinyu indicted on cyber espionage charges.
The Wanted notices above are included to show that this is not an aberration but a consistent policy of the CCP.
I have written about the Chinese PLA (People’s Liberation Army), the Communist Party’s army, before, but what is the after-action report on Unit 61398? (I also covered this in my book “Too Late You’re Hacked”, which is why it is easy for me to talk about this issue.)
There is more detailed information on this government website, dated Monday, May 19, 2014:
Summary of the Indictment
Defendants : Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA). The indictment alleges that Wang, Sun, and Wen, among others known and unknown to the grand jury, hacked or attempted to hack into U.S. entities named in the indictment, while Huang and Gu supported their conspiracy by, among other things, managing infrastructure (e.g., domain accounts) used for hacking.
Victims : Westinghouse Electric Co. (Westinghouse), U.S. subsidiaries of SolarWorld AG (SolarWorld), United States Steel Corp. (U.S. Steel), Allegheny Technologies Inc. (ATI), the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) and Alcoa Inc.
Time period : 2006-2014.
What you really need to focus on is the victims: they are manufacturing, energy, materials and union entities (U.S. Steel, Allegheny Technologies (ATI), Alcoa, Westinghouse, SolarWorld and the USW).
If you are thinking of becoming a manufacturer in this trade war (to offset the lack of Chinese products), you had better have top-notch IT defense functions. Learn a well-known fact about Unit 61398 from the Mandiant APT1 report:
The Initial Compromise
The Initial Compromise represents the methods intruders use to first penetrate a target organization’s network. As with most other APT groups, spear phishing is APT1’s most commonly used technique. The spear phishing emails contain either a malicious attachment or a hyperlink to a malicious file. The subject line and the text in the email body are usually relevant to the recipient. APT1 also creates webmail accounts using real peoples’ names — names that are familiar to the recipient, such as a colleague, a company executive, an IT department employee, or company counsel — and uses these accounts to send the emails. As a real-world example, this is an email that APT1 sent to Mandiant employees:
So it is as I always preach: the initial attack was a spear phishing email…
Look at the exchange above: someone (in China) responded to the reply “Is this real?”. Replying to a suspicious email is not the right way to check whether it is legitimate!
I know this attack is from many years ago (at least 11 years), but it is a good way to understand the details of a well-known attack.
These attacks are similar in nature even if the specific wording and file structure have changed. For one thing, the hackers are still out there working in Unit 61398 or its equivalent.
Here are some of the specific attacks attributed to the five hackers, from the Justice.gov website:
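The Mandiant excerpt above describes the pattern: a webmail account named after a colleague, executive, IT employee or counsel, carrying a malicious attachment or link. The script below is an added example (it is not from this post or the Mandiant report) showing how a mail gateway or SOC script can flag that pattern from the raw headers and MIME parts. The corporate domain example.com, the three-entry staff directory, the webmail domain list and the three sample messages are all constructed assumptions for the demo.

```python
"""Flag display-name impersonation and other spear-phishing signals in raw e-mail.

Added example, not code from the page or from Mandiant. CORP_DOMAIN, DIRECTORY,
FREEMAIL_DOMAINS and the three sample messages are constructed for this demo.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr

CORP_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
DIRECTORY = {                # assumption: names an attacker might borrow
    "jordan hale": "jhale@example.com",   # company executive
    "sam rivera": "srivera@example.com",  # IT department
    "lee chen": "lchen@example.com",      # company counsel
}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "rocketmail.com"}
RISKY_SUFFIXES = (".zip", ".rar", ".exe", ".scr", ".js", ".hta", ".doc", ".xls")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def _norm(name: str) -> str:
    """Lower-case, strip commas and collapse whitespace so 'Hale, Jordan' style variants match."""
    return " ".join(name.lower().replace(",", " ").split())


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _is_corp_host(host: str) -> bool:
    host = host.lower()
    return host == CORP_DOMAIN or host.endswith("." + CORP_DOMAIN)


def analyze(raw: str) -> dict:
    """Return the sender, the reasons for suspicion, and a verdict for one raw RFC 5322 message."""
    msg = Parser(policy=policy.default).parsestr(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = _domain(addr)
    reasons = []

    # Core APT1 signal: a familiar name on an address that is not ours.
    impersonated = _norm(display) in DIRECTORY and sender_domain != CORP_DOMAIN
    if impersonated:
        reasons.append(f"display name {display!r} matches a directory entry but sender domain is "
                       f"{sender_domain or 'missing'}")
    if sender_domain in FREEMAIL_DOMAINS:
        reasons.append(f"sender uses a webmail domain ({sender_domain})")

    # Replies steered to a third domain are another common tell.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != sender_domain:
        reasons.append(f"Reply-To {reply} differs from From domain")

    # Malicious attachment: check declared filenames of non-body parts.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_SUFFIXES):
            reasons.append(f"attachment {filename!r} has a risky extension")

    # Hyperlink to a malicious file: any link that leaves the corporate domain.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for host in URL_RE.findall(text):
        if not _is_corp_host(host):
            reasons.append(f"link to external host {host}")

    verdict = "spear-phish suspect" if impersonated or len(reasons) >= 2 else "ok"
    return {"from": addr, "display": display, "reasons": reasons, "verdict": verdict}


# Constructed sample 1: executive impersonation from webmail plus a .zip attachment.
PHISH = """From: "Jordan Hale" <jordan.hale.office@gmail.com>
To: staff@example.com
Subject: Internal Discussion on the Press Release Draft
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the attached draft before the board call.
--b1
Content-Type: application/zip; name="Press_Release_Draft.zip"
Content-Disposition: attachment; filename="Press_Release_Draft.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed sample 2: "IT department" lure with Reply-To and link to an outside host.
LINK_PHISH = """From: "IT Helpdesk" <it.helpdesk.example@outlook.com>
Reply-To: support@mail-reset.example.net
To: staff@example.com
Subject: Password expiry notice
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at http://mail-reset.example.net/login
"""

# Constructed sample 3: the real executive, from the corporate domain, linking internally.
LEGIT = """From: "Jordan Hale" <jhale@example.com>
To: staff@example.com
Subject: Q3 all-hands slides
Content-Type: text/plain; charset="utf-8"

Slides are on the intranet: https://intranet.example.com/allhands/q3
"""

if __name__ == "__main__":
    for label, sample in (("PHISH", PHISH), ("LINK_PHISH", LINK_PHISH), ("LEGIT", LEGIT)):
        result = analyze(sample)
        print(f"{label}: {result['verdict']} ({'; '.join(result['reasons']) or 'no findings'})")
```

Run it as-is to see the three verdicts; in production you would load DIRECTORY from your identity provider and feed `analyze()` the raw message your gateway quarantines. The display-name check is deliberately decisive on its own, because that single signal is what the Mandiant excerpt says APT1 relied on; the other checks only accumulate toward a verdict.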
Sun Kailiang – Alcoa hack (aluminum company)
About three weeks after Alcoa announced a partnership with a Chinese state-owned enterprise (SOE-3) in February 2008, Sun sent a spearphishing e-mail to Alcoa. Thereafter, in or about June 2008, unidentified individuals stole thousands of e-mail messages and attachments from Alcoa’s computers, including internal discussions concerning that transaction.
Sun Kailiang – Westinghouse hack (2010)
In 2010, while Westinghouse was building four AP1000 power plants in China and negotiating other terms of the construction with a Chinese SOE (SOE-1), including technology transfers, Sun stole confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing within the AP1000 plant buildings.
Additionally, in 2010 and 2011, while Westinghouse was exploring other business ventures with SOE-1, Sun stole sensitive, non-public, and deliberative e-mails belonging to senior decision-makers responsible for Westinghouse’s business relationship with SOE-1.
Check out my Store for my books and templates. Contact me to work on your Cybersecurity.