According to the Insikt Group at Recorded Future, People’s Liberation Army (PLA) Unit 69010 has been linked to a chain of espionage campaigns from 2014 to 2021, all focused on gaining military intelligence from neighboring countries. The intelligence gathered by the attackers falls in the categories of aerospace, defense, telecommunication, and research. The malware used in the intrusions included PlugX, IceFog, ShadowPad, and PCshare. Due to poor operational security of the attackers and evidence of a broad espionage campaign against more than 200 Japanese companies and organizations since at least 2016 that was released by Japanese law enforcement, these attributions are made in high confidence.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is