APT1
High Confidence • Medium Threat
Comment Crew • Comment Panda • Byzantine Candor • PLA Unit 61398
APT1, also known as Comment Crew or PLA Unit 61398, is a Chinese state-sponsored cyber espionage group attributed to the People's Liberation Army's 2nd Bureau of the General Staff Department's 3rd Department. Operating from a 12-story facility in Shanghai's Pudong district, the group conducted systematic intellectual property theft against over 140 organizations across 20 major industries between 2006 and 2013. Their operations focused on stealing hundreds of terabytes of data from the aerospace, defense, energy, and technology sectors. Following Mandiant's landmark 2013 exposure report, which identified specific PLA officers, the group's activity significantly decreased, though they are believed to have reorganized under different operational security measures.
Target Sectors
Target Regions
Attributed to PLA Unit 61398 (China). Attribution confidence: High.
Future Outlook
APT1 is expected to continue operations targeting technology sectors.
First observed activity of APT1
Continued active operations