


Chinese cyberspies targeting U.S., European defense, space sectors

Jun 09, 2014
Cybercrime, Malware, Technology Industry

Security vendor CrowdStrike identifies group with ties to the Chinese military targeting U.S. defense and European satellite and aerospace industries

A Chinese cyberespionage group operating out of Shanghai has been launching targeted attacks against the U.S. defense and European aerospace industries, a security vendor reported.


Dubbed Putter Panda, the group has connections to the People’s Liberation Army, CrowdStrike said in a report released Monday. The vendor has been tracking the group since 2012.

The domains associated with the command and control server of the Putter Panda malware appeared to have been registered by a Chen Ping, aka “cpyy,” the report said.

“Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the government, defense, research and technology sectors in the United States, with specific targeting of the U.S. defense and European satellite and aerospace industries,” the report said.

The group is connected with the PLA’s Third General Staff Department, which is generally acknowledged to be China’s “premier signals intelligence (SIGINT) collection and analysis agency,” CrowdStrike said.

Domains used to control Putter Panda malware were registered to an address corresponding to the General Staff Department Unit 61486 headquartered in Shanghai.

CrowdStrike found a wide set of tools used by the attackers, including several remote access tools used to steal intelligence. The toolset enabled the hackers to exercise a “wide degree of control” over the compromised systems.

The custom malware was delivered through targeted email attacks, with the malicious attachments exploiting popular productivity applications such as Adobe Reader and Microsoft Office.

CrowdStrike believes the Putter Panda group has been operating since at least 2007. The report lists a number of registry and file system artifacts and other host-based indicators that defenders can use to determine whether a machine has been compromised.


The report comes three weeks after the U.S. Justice Department announced indictments against five Chinese military officials accused of hacking and economic espionage. Those officials were charged with targeting organizations in the U.S. nuclear power, metals and solar products industries.