Security vendor CrowdStrike identifies group with ties to the Chinese military targeting U.S. defense and European satellite and aerospace industries A Chinese cyberespionage group operating out of Shanghai has been launching targeted attacks against the U.S. defense and European aerospace industries, a security vendor reported.[U.S. files indictments against Chinese officials for espionage]Dubbed Putter Panda, the group has connections to the People’s Liberation Army, CrowdStrike said in a report released Monday. The vendor has been tracking the group since 2012.The domains associated with the command and control server of the Putter Panda malware appeared to have been registered by a Chen Ping, aka “cpyy,” the report said. “Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the government, defense, research and technology sectors in the United States, with specific targeting of the U.S. defense and European satellite and aerospace industries,” the report said.The group is connected with the PLA’s Third General Staff Department, which is generally acknowledged to be China’s “premier signals intelligence (SIGINT) collection and analysis agency,” CrowdStrike said. Domains used to control Putter Panda malware were registered to an address corresponding to the General Staff Department Unit 61486 headquartered in Shanghai.CrowdStrike found a wide set of tools used by the attackers, including several remote access tools used to steal intelligence. The toolset enabled the hackers to exercise a “wide degree of control” over the compromised systems.The exploits were focused on popular productivity applications, such as Adobe Reader and Microsoft Office. The custom malware used was delivered through targeted email attacks.CrowdStrike believed the Putter Panda group has been operating at least since 2007. The vendor listed a number of registry and file system artifacts and host indicators that would indicate a machine had been compromised.[DOJ throws down the gauntlet with cyber crime charges against Chinese military]The report comes three weeks after the U.S. Justice Department announced indictments against five Chinese military officials accused of hacking and economic espionage. The group targeted organizations in the U.S. nuclear power, metals and solar products industries. Related content brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe