UPDATED 12:00 EST / MAY 20 2013


China’s State-Sponsored Hackers Resume Attacks On US

After lying low for a period of almost three months, China’s state-sponsored hackers are at it again, attacking the computer servers of US businesses in a concerted effort to steal classified information. Things are slightly different this time around though, as the hackers are said to be using different techniques in an attempt to cover their tracks.

Once again the news comes from Mandiant, the security firm that first exposed PLA Unit 61398’s activities back in January this year. At that time, the company published a report stating that the military-affiliated group’s main goal was to target and steal classified data from US corporations and government agencies. The Pentagon later published its own report into Mandiant’s findings, saying that it agreed with the assessment that China’s military was waging cyberwar against the US, prompting Beijing to shoot back with its own allegations as the two sides descended into a bitter verbal row.

Mandiant’s initial report made headlines because the firm was able to pinpoint the headquarters of PLA Unit 61398 to a specific office building located in Shanghai’s Pudong district. Mandiant further exposed the group as being the outfit responsible for the infamous 2009 hack of Coca-Cola’s proprietary database, which led to the soft drinks company’s attempted $2.4 billion takeover of China Huiyuan Juice Group falling apart. In addition, Mandiant claimed that PLA Unit 61398 was also responsible for a 2011 attack on US defense contractor RSA. Using stolen data from RSA, the hackers were then able to crack the defenses of a second military contractor, Lockheed Martin.

The Pentagon’s own report pinned the blame squarely on China:

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” said an official earlier this year.

Headquarters of PLA Unit 61398 in Shanghai

With all the heat generated by Mandiant’s exposé of its activities, PLA Unit 61398 did the ‘diplomatic’ thing and immediately shut down all of its operations, even going as far as to remove malware on some of the systems it had hijacked. Unfortunately for the US, however, it seems as if you just can’t keep a good hacker down – just three months later, they’re said to be back in business. Mandiant says that the group’s activity has returned to about 70% of what it was prior to being discovered last time around. It refused to reveal any of the companies or agencies that have been attacked this time around; however, it did admit that many of those being hacked now had been on the PLA’s hit list before.

No doubt the hackers will be furious with themselves for being caught so soon after restarting their efforts – according to Mandiant, they’ve been using different computers to insert their remote access tools in a bid to remain undetected. Nevertheless, it’s unlikely that their efforts will be deterred simply because they’ve been exposed once again. As the New York Times reports, China has consistently denied the accusations against it, instead calling out the US as the “real hacking empire” for the attacks it’s believed to have carried out against Iran.

