PLA Unit 61486

Unit 61486 is a bureau within the Operations arm of the Third Department of the General Staff Department. Its name, Unit 61486, is a Military Unit Cover Designator (MUCD), these are used to hide the unit's true identity. The earliest signs of the unit's existence comes from 2007. Unit 61486 is the 12th Bureau within the Third Department, the majority of their cyber attacks have been focused on targeting American, European, and Japanese industries that worked in aerospace and satellite. They are believed to be focused on space technology. == Operations ==

They primarily have done their work through a technique known as spear-phishing, also known as Remote Access Tools (RAT), targeting members of industries noted above, specifically members that had played golf as major targets in their operations. However, Canada has only stated the attack was done by state actors working for China, saying "a highly sophisticated Chinese state-sponsored actor" had been responsible for the attack. Their statement did not directly attribute it to Unit 61486. In response to these allegations, Ministry of Foreign Affairs of the People's Republic of China would demand that Canada stop making these claims. Foreign ministry spokesman Qin Gang said that they did not have any evidence to back this claim and this accusation was unjustified provocation. == Exposing of Operations ==

On the 9th of June 2014, the security firm Crowdstrike released a report detailing the actions of Unit 61486, as well as a potential member of the unit. In a personal blog Chen Ping listed his work as military, whilst in a different blog, a post said "Soldier’s duty is to defend the country, as long as our country is safe, our military is excellent.", suggesting that Chen held nationalistic ideals that would encourage one to join the armed forces. This blog also states that Chen Ping lived in Shanghai from 2005 to 2007. However, this page was last updated in 2007 before being taken down following the release of Crowdstrike's report. Based on previous IP addresses and photos from Chen Ping's multiple personal blogs, Crowdstrike states that the headquarters for the unit is within the Zhabei District of Shanghai. Furthermore, several of the website domains registered by Chen Ping led to an address that was close to a building he took a photo of, and posted under the caption of "office". Additionally, these personal photos showed large satellite dish installations. From Crowdstrike's investigations they believed that Unit 61486 was involved in space surveillance and also the targeting of western companies that manufactured or researched satellites. Thus the satellite dishes were related to this activity. A webpage published by a Chinese government entity that details theatrical performances involving members of the PLA listed an address that also corresponds to an area that has the buildings in Chen Ping's photos. With the address from this site as well as the personal photos from Chen Pings blogs, Crowdstrike states that they believe that this building is the headquarters for Unit 61486. This report also suggested that Unit 61486 works alongside Unit 61398, another unit within the Third Department. Several domains registered to alleged members of 61486 have the same IP address as ones from Unit 61398. In addition to the allegations of cooperation with Unit 61398, another unit, Vixen Panda, is mentioned to have a connection to unit 61486, as an IP address that had been used by Vixen Panda for one of their sites had also been associated with a domain that Unit 61486 had used. Furthermore, "cpyy" (Chen Ping) was also found to interact with an individual listed as "linxder", on cpyy.org, cpyy's site. The individual Linxder is the handle of someone part of Comment Panda, another hacking group believed to be in Shanghai. Following the exposing of Chen Ping or "cpyy", his information was all taken down the day after the report was released. Additionally, according to Crowdstrike they believe that Chen Ping has been moved from Shanghai to Kunming in Yunnan province. According to the Project 2049 Institute, the Unit 61486 has a facility in the region. This report had been available to subscribers of Crowdstrike since April 2014 However, only following the public release of the report would there be responses made by the United States as well as the Chinese Foreign Ministry. == Official Response by the Chinese Foreign Ministry ==

In the previous year, the security firm Mandiant had exposed Unit 61398, for doing similar activity to Unit 61486. The month before the report on Unit 61486 was released, the United States had indicted 5 people they believed to be members of Unit 61398, of cyber espionage, marking the first time this charge was levelled at state actors. The Foreign Ministry Spokesperson further iterated that the report could not be correct, saying it was ridiculous that someone that would do this sort of work would be open about being a hacker. In addition to these allegations, the week before the report was released, the Chinese government criticised the United States Department of Defense for releasing a report that said they believed China's actual military spending was an estimated $145 billion US dollars. The report additionally warned that China was speeding up its military modernisation program. However, even though tensions and relations between the two nations were already poor, and increasing from these events and allegations, China would still accept an invitation to participate in RIMPAC which was to occur within the month. This would mark the first time China would participate in an American led naval drill, though they had previously participated in 1998 as observers. They would send 4 ships in total, a destroyer, frigate, a supply ship and a hospital ship. == See also ==