Skip to: Content
Skip to: Site Navigation
Skip to: Search

Stealing US business secrets: Experts ID two huge cyber 'gangs' in China

Two large operations in China account for 90 percent of cyberespionage against US business, one expert says. Research suggests the scope of the operations could be breathtaking.

By Staff writer / September 14, 2012

Flowers are placed on the Google logo outside Google China headquarters in Beijing, China, on March 23, 2010.

Ng Han Guan/AP/File


Sneaky Panda. The Elderwood Gang. The Beijing Group.

Skip to next paragraph

These are three code names bestowed by US experts on a single cyberespionage organization that, from 9 to 5 Beijing time each day, is at work siphoning the crown jewels of US corporations' proprietary data out of their networks – and into computers in China.

In January 2010, Internet search giant Google disclosed that someone had hacked into its network (not to mention 20 other tech companies). That someone was the Elderwood Gang, says a new report by Symantec, a cybersecurity company.

The Symantec report hints at what other US cybersecurity experts are saying with increasing conviction: that Elderwood is one of two large Chinese economic cyberespionage organizations – employing perhaps hundreds of people – which are working to vacuum business ideas and advanced designs from American computer networks.

For example, these experts are now connecting Elderwood and a second Chinese hacking group to attacks on top cybersecurity company RSA, defense-industry giant Lockheed Martin, and perhaps several US natural gas pipeline companies.

It has long been claimed by US cybersecurity experts that cyberspying to harvest intellectual property, rather than quick cash from online bank accounts, was a practice emanating mostly from China. Plausible deniability remains because attribution is so uncertain in cyberspace. Chinese embassy officials in Washington routinely deny any responsibility for cyberespionage on US targets.

Yet there are signs now that the attribution problem is closer to being solved, US experts say.

"We're tracking over a dozen nation-state groups right now that are affiliated with China," says Dmitri Alperovitch, chief technology officer for CrowdStrike, a startup cybersecurity company focused on taking undisclosed "offensive" security measures. "We have a deep understanding of them and attribution down to the individual level. They're operating in China, and we're watching them. Even though they're unlikely be brought to justice in the US, we understand a lot today."

Among the 20 or so identifiable Chinese cyberespionage groups, the two that dwarf the others are the Elderwood Gang and the Comment Crew. The two have many different names, with researchers giving them different monikers. To Dell Secureworks cyber counterspy expert Joe Stewart, they are the Beijing Group and the Shanghai Group because of where their activities seem to originate. To Mr. Alperovitch of CrowdStrike, they are Sneaky Panda and Comment Panda.

Symantec called the first group “Elderwood” because the name appears in a source-code variable used by the attackers. In Google's case, the gang reportedly made off with at least some of the search company's source code – secret algorithms that have made it so successful. Nobody knows exactly how much was stolen from the networks of the other companies.


  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!