After being publicly exposed in February as the source of a long list of cyberattacks on US companies and media organizations, the Chinese People's Liberation Army's (PLA) Unit 61396 largely pulled back from the networks the unit had infiltrated. But now, the New York Times reports, the hackers are back in action using new techniques to go after many of the same corporate and government targets they had infiltrated before.
The revived attacks come despite (or perhaps because of) the direct accusations leveled against China's military in a Pentagon report to Congress earlier this month. The White House approved "naming and shaming" the PLA unit in hopes that it would cause the Chinese government to take action. The move was part of an escalation of diplomatic pressure that began in March, when White House National Security Advisor Tom Donilon first publicly mentioned the Obama Administration's appeal to the Chinese government to "engage with us in a constructive dialogue" on cyber security.
"In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," the Pentagon report stated. "These intrusions were focused on exfiltrating information. China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support US national defense programs."