Comment Crew

Threat Actor Profile Updated 25 days ago
Comment Crew, also known as APT1 or Unit 61398, is a significant threat actor attributed to the 3rd Department of China's People's Liberation Army (PLA) General Staff Department. The group has been active since at least 2005-2006, as traced by Mr. Stewart of Dell Secureworks. Among the many Chinese cyberespionage groups, Comment Crew and the Elderwood Gang are the most prominent. The malware used by Comment Crew has been in circulation for years, which accounts for the group's long-standing reputation within the cybersecurity industry. Note, however, that recent activity with code similarities to Comment Crew, such as that observed in the Fractured Block Campaign, is believed to be a false flag rather than genuine Comment Crew operations.

The group has carried out numerous high-profile intrusions, with at least 72 organizations falling victim, including defense companies, the International Olympic Committee, and the United Nations. Its extensive campaign, dubbed Operation ShadyRAT by Mr. Alperovitch, relied on remote access tools (RATs) to control compromised systems remotely, underlining the group's sophisticated capabilities and far-reaching influence. Despite substantial evidence of Comment Crew's malicious activities, bringing its members to justice, particularly in the U.S., remains unlikely because of geopolitical complexities. Nevertheless, understanding the group's tactics, techniques, and procedures (TTPs) gives defenders valuable insight into its operations and supports the development of effective countermeasures. While still at McAfee in 2011, Mr. Alperovitch revealed that Comment Crew was operating alongside the Elderwood Gang, another influential Chinese cyberespionage group.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: APT1
Votes: 2
Profile Description: APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Comment Crew threat actor was drawn from the documents listed below. This display is limited to 20 results.

Source: MITRE (a year ago)
Title: The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia

Source: MITRE (a year ago)
Title: Advanced Persistent Threats (APTs) | Threat Actors & Groups

Source: MITRE (a year ago)
Title: Stealing US business secrets: Experts ID two huge cyber 'gangs' in China