Titan Rain

Last updated
Lockheed Martin Aeronautics Discussion Lockheed Martin Aeronautics Discussion.jpg
Lockheed Martin Aeronautics Discussion

Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. [1] The attacks originated in Guangdong, China. [2] The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States.


Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, [1] including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA.


The attacks are reported to be the result of actions by People's Liberation Army Unit 61398. [3] These hackers attacked both the US government (Defense Intelligence Agency) and the UK government (Ministry of Defence). In 2006, an "organised Chinese hacking group" shut down a part of the UK House of Commons computer system. [4] The Chinese government has denied responsibility.


The U.S. government has blamed the Chinese government for the 2004 attacks. Alan Paller, SANS Institute research director, stated that the attacks came from individuals with "intense discipline" and that "no other organization could do this if they were not a military". Such sophistication has pointed toward the People's Liberation Army as the attackers. [5]

Titan Rain reportedly attacked multiple organizations, such as NASA and the FBI. Although no classified information was reported stolen, the hackers were able to steal unclassified information (e.g., information from a home computer) that could reveal strengths and weaknesses of the United States. [6]

The U.S. Department of the Treasury, Washington, D.C. The US Treasury Department.jpg
The U.S. Department of the Treasury, Washington, D.C.

Titan Rain has also caused distrust between other countries (such as the United Kingdom and Russia) and China. The United Kingdom has stated officially that Chinese hackers attacked its governmental offices. Titan Rain has caused the rest of the world to be more cautious of attacks not just from China but from other countries as well.

See also

Related Research Articles

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, programming scripts can all be forms of internet terrorism. Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

Shawn R. Carpenter is a cyber security analyst and whistleblower who tracked down a Chinese cyberespionage ring that is code-named Titan Rain by the FBI. He came to national attention when his story was reported on in the September 5, 2005 issue of Time magazine.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a nation

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

Moonlight Maze was a 1999 US government investigation into a massive data breach of classified information. It started in 1996 and affected NASA, the Pentagon, military contractors, civilian academics, the DOE, and numerous other American government agencies. By the end of 1999, the Moonlight Maze task force was composed of forty specialists from law enforcement, military, and government. The investigators claimed that if all the information stolen was printed out and stacked, it would be three times the height of the Washington Monument, which is 555 ft (169 m) tall. The Russian government was blamed for the attacks, although there was initially little hard evidence to back up the US accusations besides a Russian IP address that was traced to the hack. Moonlight Maze represents one of the first widely known cyber espionage campaigns in world history. It was even classified as an Advanced Persistent Threat after two years of constant assault. Although Moonlight Maze was regarded as an isolated attack for many years, unrelated investigations revealed that the threat actor involved in the attack continued to be active and employ similar methods until as recently as 2016.

GhostNet is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying operation discovered in March 2009. The operation is likely associated with an advanced persistent threat, or a network actor that spies undetected. Its command and control infrastructure is based mainly in the People's Republic of China and GhostNet has infiltrated high-value political, economic and media locations in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City were compromised.

Operation Aurora was a series of cyber attacks conducted by advanced persistent threats such as the Elderwood Group based in Beijing, China, with ties to the People's Liberation Army. First publicly disclosed by Google on January 12, 2010, in a blog post, the attacks began in mid-2009 and continued through December 2009.

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Byzantine Foothold is the unclassified code name related to a United States Department of Defense effort within the larger Cyber Initiative framework, specifically aimed at curbing and preventing foreign intrusions into the computer networks of US federal agencies. It has been said that this threat is related to ongoing efforts by Chinese hackers of the Peoples Liberation Army, but no public documentation is available which would prove that was the case.

<span class="mw-page-title-main">Chinese espionage in the United States</span>

The United States has often accused the government of China of attempting unlawfully to acquire U.S. military technology and classified information as well as trade secrets of U.S. companies in order to support China's long-term military and commercial development. Chinese government agencies and affiliated personnel have been accused of using a number of methods to obtain U.S. technology, including espionage, exploitation of commercial entities, and a network of scientific, academic and business contacts. Prominent espionage cases include Larry Wu-tai Chin, Katrina Leung, Gwo-Bao Min, Chi Mak and Peter Lee. The Ministry of State Security (MSS) maintains a bureau dedicated to espionage against the United States, the United States Bureau.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat groups, against other countries.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

<span class="mw-page-title-main">PLA Unit 61398</span> Chinese advanced persistent threat unit

PLA Unit 61398 is the Military Unit Cover Designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks. The unit is stationed in Pudong, Shanghai.

PLA Unit 61486 is a People's Liberation Army unit dedicated to cyberattacks on American, Japanese, and European corporations focused on satellite and communications technology. It is a unit that takes part in China's campaign to steal trade and military secrets from foreign targets.

<i>Reverse Deception</i>

Reverse Deception: Organized Cyber Threat Counter-Exploitation is a book by Sean Bodmer, Max Kilger, Gregory Carpenter, and Jade Jones. It investigates methods and criteria to address organizational responses to Advanced Persistent Threats and cyber deception. It details how to identify APTs and prioritize actions by applying skilled, field-tested private and government sector processes and methods, which often involve cyber deception.

Red Apollo is a Chinese state-sponsored cyberespionage group which has operated since 2006. In a 2018 indictment, the United States Department of Justice attributed the group to the Tianjin State Security Bureau of the Ministry of State Security.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).


  1. 1 2 Bodmer, Sean; Kilger, Max; Carpenter, Gregory; Jones, Jade (July 24, 2012). Reverse Deception: Organized Cyber Threat Counter-Exploitation. New York: McGraw-Hill Osborne Media. ISBN   978-0071772495.
  2. Thornburgh, Nathan (2005-08-29). "The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them)". Time.
  3. "Connect the Dots on State-Sponsored Cyber Incidents - Titan Rain".
  4. Norton-Taylor, Richard (September 5, 2007). "Titan Rain - how Chinese hackers targeted Whitehall". The Guardian. Retrieved 2018-05-10.
  5. "The lesson of Titan Rain: Articulate the dangers of cyber attack to upper management". Homeland Security News Wire. December 14, 2005. Retrieved 2018-05-10.
  6. "The 7 worst cyberattacks in history (that we know about)". Dvice. September 22, 2010. Archived from the original on November 12, 2014.