Russian or American hackers are probably the ones that we usually hear about, but there are a lot of Chinese hacker groups that have had their fair share in huge cyber-attacks and data leaks. It is believed that most of them have ties with the Chinese government, though there is no confirmation of such information. Those hacker groups that don’t have a name of their own are usually called “Advanced Persistent Threat” and given a number. There are more than 20 known APT groups in China.
For example, APT1 (also known as the Comment Crew) has been operating since about 2005, and the group is known to have stolen tons of confidential data from about 140 foreign organizations in sectors like finance, electronics, energy and more. The Comment Crew is known as such because it compromised internal software comment features on legitimate websites, making it easy to infiltrate computers and access the needed information. Moreover, the Comment Crew is often associated with the Chinese People’s Liberation Army and the Chinese government in general.
A Chinese hacker group known as APT10 targeted multiple countries such as the US, France and Japan, as well as others mostly located in Europe. Sensitive military data and intelligence were the main targets, in the hopes of strengthening China’s own security and shielding the country from possible attacks.
Another well-known group, KeyBoy, has been using malware attacks that usually focus on Western organizations as well as those located in South East Asia. KeyBoy usually infects computers with a certain type of malware that can secretly download information, take screenshots, browse computer logs, etc. The said malware was usually downloaded and installed as a fake Microsoft Word DLL file needed to “open” the infected file a user has already downloaded.
Honker Union is a group known for its nationalism and for its attacks on governmental websites of the United States. Honker Union has also been involved in numerous hacker wars against Vietnam, the Philippines and other countries. Its main attacks usually involve defacing websites and leaving certain messages by altering their appearance. While the group avoided commercial gain, it can be said that it had a strong social influence and was described as a patriotic hacker group.
One of the oldest hacker groups is known as NCPH or Network Crack Program Hacker Group. It is believed that the group was founded back in 1994 and it gained respect and recognition after hacking about 40% of other hacker association websites in China. Also, this hacker group managed to attack the US Department of Defense. NCPH’s leader stated that they were getting paid for their attacks, but did not say by whom, though many speculate that it is the People’s Liberation Army.
The Elderwood group is known to have hacked and targeted various human rights websites, supply chains and defense companies, more than 20 organizations and companies in total, including Google. The attacks were dubbed “Operation Aurora”. After this barrage of attacks, it was said that Google started reviewing its business in China. The group has also been linked to attacks against Tibetan activists.
What is interesting is that China and the US signed a hacking truce in late 2015. The agreement was not to attack or hack companies from the private sector in the hopes of getting a commercial gain. This shows that it is possible to raise questions regarding cyberspace and to negotiate on making it safer. Hiring a hacker will always be a high-stakes game, regardless of where one is in the world, because the battle for information gives the counterparty an enormous advantage.