Threat Watch

Chinese Military Unit Linked to Espionage Campaigns

According to the Insikt Group at Recorded Future, People’s Liberation Army (PLA) Unit 69010 has been linked to a chain of espionage campaigns from 2014 to 2021, all focused on gaining military intelligence from neighboring countries. The intelligence gathered by the attackers falls into the categories of aerospace, defense, telecommunications, and research. The malware used in the intrusions included PlugX, IceFog, ShadowPad, and PCshare. These attributions are made with high confidence, based on the attackers’ poor operational security and on evidence, released by Japanese law enforcement, of a broad espionage campaign against more than 200 Japanese companies and organizations since at least 2016.

ANALYST NOTES

This report references years of research into known espionage campaigns and ties together campaigns not previously shown to be related. The PLA is showing its hand as capable of stealing both state and corporate information. The People’s Liberation Army also muddied its actions by using third-party contractors hired by the Chinese Ministry of State Security (MSS) in tandem with China’s military red teams. Studying malware like PlugX and past campaigns can help organizations understand what information is most important to state actors.

https://therecord.media/sprawling-cyber-espionage-campaign-linked-to-chinese-military-unit/