Every claim in this report traces back to one of 31 evidence records below. Each was captured passively during recon, hashed at capture for chain-of-custody, and graded per the Admiralty Scale (NATO STANAG 2511).
ev_001 A-1 PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate. … 141 organizations across 20 industries.
ev_002 B-2 PLA Unit 61398 is the military unit cover designator (MUCD) of a People's Liberation Army advanced persistent threat unit … stationed in Pudong, Shanghai … cited by US intelligence agencies since 2002.
ev_003 B-2 In December 2013, FireEye acquired Mandiant for $1 billion. … In March 2022, Google announced it would acquire Mandiant for $5.4 billion. The firm was fully incorporated into the Google Cloud division in September 2022.
ev_004 B-2 An advanced persistent threat (APT) is a stealthy cybersecurity threat, typically manipulated by a state or state-sponsored group …
ev_005 B-2 The government of the People's Republic of China is engaged in espionage overseas, directed through diverse methods via the Ministry of State Security (MSS) … and People's Liberation Army (PLA) via its Intelligence Bureau of the Joint Staff Department …
ev_006 A-1 A grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses … directed at six American victims.
ev_007 A-1 Defendants WANG, SUN, and WEN, among others known and unknown to the Grand Jury, hacked …
ev_008 A-1 Five Chinese military hackers were indicted on charges of computer hacking, economic espionage, and other offenses directed at six American victims.
ev_009 A-2 The Department of Justice has indicted five officers in Unit 61398 of the Chinese People's Liberation Army (PLA) — Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui.
ev_010 A-2 APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department.
ev_011 B-2 On 19 April 2024, the Strategic Support Force was dissolved and split into … the PLA Cyberspace Force, the PLA Aerospace Force, and the PLA Information Support Force.
ev_012 B-2 He identified the groups Salt Typhoon and Volt Typhoon, which also infiltrated U.S. systems for espionage and potential sabotage …
ev_013 A-1 People's Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally …
ev_014 B-2 … hacker named Wang Dong, a.k.a. Ugly Gorilla. … Mei Qiang (a.k.a. Superhard) … DOTA used some of the same domains and IP addresses for data theft as Wang Dong.
ev_015 B-2 One man accused of being a hacker for the Chinese military, Wang Dong, better known as UglyGorilla, wrote in a social media post …
ev_016 A-2 A key casualty of the reform was the PLA's Strategic Support Force, which was dissolved in the reorganization despite having been established in late 2015.
ev_017 A-2 On 19 April 2024, the People's Liberation Army's (PLA) Central Military Commission (CMC) announced the end of the PLA's Strategic Support Force …
ev_018 B-2 Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army.
ev_019 B-2 Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003 … attacks originated in Guangdong, China.
ev_020 B-2 Cyberwarfare is the strategic use of computer technology to disrupt the functions of a state or organization …
ev_021 B-2 Wang Dong … hacker who is part of PLA Unit 61398. Other names: Jack Wang, UglyGorilla, Greenfield.
ev_022 B-2 Mandiant has traced APT 1 operators to a physical address that overlaps with the compound at which Unit 61398 is stationed in the Pudong New Area …
ev_023 C-3 Operating as PLA Unit 61398 from a 12-storey building in Shanghai's Pudong district, the group systematically compromised 141 organisations across 20 industries.
ev_024 A-2 The focus of this report is APT 1 — which the report concludes is the People['s] Liberation Army's Unit 61398 — the military unit cover designator.
ev_025 A-2 APT-1 is known due to the Mandiant report … Comment Crew, Comment Panda, Comment Group, and Shady Rat.
ev_026 B-2 RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors …
ev_027 A-2 The April 2024 reorganization eliminated the Strategic Support Force and subordinated the Space Systems Department and Network Systems …
ev_028 A-2 The APT 1 report exposed the infrastructure of a cyber threat actor and gave both government and nongovernment organizations insight into the escalating nature …
ev_029 C-2 Jack Wang, a.k.a. Wang Dong, a.k.a. UglyGorilla … Mei Qiang signs much of his work by embedding his name into the code. His malware is often signed 'SuperHard'.
ev_030 B-2 The DOJ specifically named 'Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third [Department] …'
ev_031 A-2 Mandiant changed this with its groundbreaking report, which not only tied the activity directly to a specific PLA unit — Unit 61398 — and to … Wang Dong (aka UglyGorilla), Mei Qiang (aka SuperHard) and an individual who used the handle 'DOTA'.