Comment Crew, also known as APT1 or Unit 61398, is a significant threat actor attributed to China's People's Liberation Army (PLA) General Staff Department's 3rd Department. The group has been active since at least 2005-2006, as traced by Mr. Stewart of Dell Secureworks. Among the many Chinese cyberespionage groups, Comment Crew and the Elderwood Gang are the most prominent. The malware used by Comment Crew has been in circulation for years, contributing to its long-standing reputation within the cybersecurity industry. However, it's important to note that recent activities bearing code similarities to Comment Crew, such as those observed in the Fractured Block Campaign, are believed to be false flags.
The group has been involved in numerous high-profile infiltrations, with at least 72 organizations falling victim to their operations. Some of these targets include defense companies, the International Olympic Committee, and the United Nations. Comment Crew's extensive campaign, dubbed Operation ShadyRAT by Mr. Alperovitch, utilized remote access tools (RATs) to control computer systems remotely, further emphasizing the group's sophisticated capabilities and far-reaching influence.
Despite the substantial evidence pointing towards Comment Crew's malicious activities, bringing them to justice, particularly in the U.S., remains unlikely due to geopolitical complexities. Nevertheless, understanding their tactics, techniques, and procedures (TTPs) provides invaluable insight into their operations and aids in the development of effective countermeasures. It should be noted that while Mr. Alperovitch was still at McAfee in 2011, he revealed that Comment Crew was operating alongside the Elderwood Gang, another influential Chinese cyberespionage group.
Description last updated: 2023-10-10T19:48:10.045Z