Cyber armies around the world wage silent warfare on a daily basis.

The World’s 5 Most Prolific Cyber Armies

Every day, cyber armies around the world, government-sanctioned or otherwise, wage a silent information war.

The number of hacking attacks on governments and institutions has grown rapidly over the last decade.

For instance, since 2006, the number of incidents reported to the U.S. cyberdefense task force, the Computer Emergency Readiness Team, increased sevenfold.

And while some cyber armies are officially created and operated by governments, others operate independently, while others occupy a murky in-between.

The following are five of the world’s most prolific cyber armies:

1. The People’s Liberation Army Unit 61398

AKA: 61398部队, “Byzantine Candor”

First approximate appearance: 2004

Most known for: the five members charged by the Department of Defense in 2014 for business espionage and malware hacking of U.S. computers.

Its operations are considered a state secret, and officials have denied all allegations, but Unit 61398 of the Chinese Army is widely believed to be actively involved in cyber crime and espionage.

In a three-year investigation of the Unit, security company Mandiant found that it has “systematically stolen hundreds of terabytes of data from at least 141 organizations.” This includes technology blueprints, manufacturing processes data, pricing documents, emails and contact lists.

The organizations relies on an extensive network of computers in 13 countries, the  majority of which are located in China but more than 100 in the US.

Whether the Unit had attacked government infrastructure is unclear but the Mandiant report found that it is capable of infiltrating dozens of organization at a time, has a staff of hundreds if not thousands, and is equipped with a “special fiber optic communication infrastructure” provided by a state-owned company.

2. United States Cyber Command


First appearance: 2009

Most known for: Being the first government agency to officially acknowledge that it intends to build offensive cyber capabilities

Although the US government has experienced cyber attacks as far back as 1998, it did not create a unified cyber army command until 2009, instead relying on information security from the NSA and the CIA.

However, its cyber capabilities have been rapidly accelerated since then, creating a fighting force that’s expected to reach 6,000 people by 2016.

This force is aimed at not only defending US public and private networks, but being able to destroy and sabotage adversary’s systems and cyber capabilities.

3. Russia’s shadow hacker network

AKA: “Net NGOs

First appearance: 2007, although allegations of online propaganda “brigades” go back to 2003

Most known for: Distributed Denial of Service attacks on Estonia in 2007 and Georgia in 2008, shutting down government websites and services

Russia has only very recently announced the creation of a cyber warfare unit in its armed forces. However, it has long been expected of coordinating a patchwork of criminal and volunteer hackers that can carry out its bidding, hacking into foreign government and company websites.

This includes the Russian Business Network, a notorious hub for cybercrime such as child pornography, spamming and identity theft, as well as members of the pro-Putin youth group Nashi.

“Unlike China,” writes Jeffrey Car on the cyber security blog Digital Dao, “Russian cyber operations are rarely discovered, which is the true measure of a successful op.”

In other words, such a network would provide Russia with a highly plausible deniability.

4. Military Intelligence Unit 8200

AKA: יחידה 8200, “eight-two hundred”

First appearance: 1952

Most known for: The 2009 Stuxnet worm that sabotaged as many as 1,000 nuclear centrifuges in Iran, delaying its nuclear program

Operating in tandem with Israel’s highly advanced civilian tech sector, Unit 8200 of the Israeli Defence Forces is something of a combo of the NSA and USCYBERCOM.

It has existed since 1952, conducting electronic surveillance both inside and outside of the country. In recent years, however, coinciding with the boom in the Israeli high-tech industry, Unit 8200 has grown to several thousand soldiers, capable of both cyber defense and offense.

Many of its efforts are concentrated towards its rival Iran, including the Stuxnet worm and the Flame virus that allows operators to monitor a computer users’ every move.

5. Syrian Electronic Army

AKA: الجيش السوري الإلكتروني

First appearance: 2011

Most known for:  Posting a graphic propaganda video on the Twitter account of President Obama’s campaign group

Perhaps the least sophisticated of the organization on this list, the SEA makes up for it with sheer persistence.

The group, which supports Syrian President Bashar al-Assad, has carried out hundreds of denial of service and defacement attacks against foreign websites.

Targets included the sites of Harvard, the New York Times, the recruiting site for the US Marines, Microsoft, and eBay (Wikipedia has a more complete list).

Attacks mostly consist of hacking the front end of the website to display pro-Assad propaganda, but the group has also temporarily shut down sites and posted fake Tweets and YouTube videos.

It’s not clear how closely related the SEA is to the Syrian government – though it’s suspected that many are based outside of Syria and are proficient in English – but their loyalty to Assad is unquestionable.

We measure success by the understanding we deliver. If you could express it as a percentage, how much fresh understanding did we provide?
Ole Skaar