Comment Crew

Threat Actor updated 4 months ago (2024-05-04T18:38:22.591Z)
Comment Crew, also known as APT1 or Unit 61398, is a significant threat actor attributed to the 3rd Department of China's People's Liberation Army (PLA) General Staff Department. The group has been active since at least 2005-2006, as traced by Mr. Stewart of Dell Secureworks. Among the many Chinese cyberespionage groups, Comment Crew and the Elderwood Gang are the most prominent. The malware used by Comment Crew has been in circulation for years, which contributes to its long-standing reputation within the cybersecurity industry. However, recent activity bearing code similarities to Comment Crew, such as that observed in the Fractured Block Campaign, is believed to be a false flag rather than the group's own work. The group has been involved in numerous high-profile intrusions, with at least 72 organizations falling victim to its operations; targets have included defense companies, the International Olympic Committee, and the United Nations. Comment Crew's extensive campaign, dubbed Operation ShadyRAT by Mr. Alperovitch, used remote access tools (RATs) to control compromised systems remotely, underlining the group's capabilities and reach. Despite the substantial evidence of Comment Crew's malicious activity, bringing its members to justice, particularly in the U.S., remains unlikely because of geopolitical complexities. Nevertheless, understanding the group's tactics, techniques, and procedures (TTPs) provides valuable insight into its operations and aids the development of effective countermeasures. While still at McAfee in 2011, Mr. Alperovitch identified Comment Crew as operating alongside the Elderwood Gang, another influential Chinese cyberespionage group.
Description last updated: 2023-10-10T19:48:10.045Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
APT1 | 2 | APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Source Document References
Information about the Comment Crew Threat Actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | 2 years ago | Stealing US business secrets: Experts ID two huge cyber 'gangs' in China
MITRE | 2 years ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups
MITRE | 2 years ago | The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia