Security vendor CrowdStrike identifies group with ties to the Chinese military targeting U.S. defense and European satellite and aerospace industries

A Chinese cyberespionage group operating out of Shanghai has been launching targeted attacks against the U.S. defense and European aerospace industries, a security vendor reported.

Dubbed Putter Panda, the group has connections to the People’s Liberation Army, CrowdStrike said in a report released Monday. The vendor has been tracking the group since 2012.

The domains associated with the command and control server of the Putter Panda malware appeared to have been registered by a Chen Ping, aka “cpyy,” the report said.

“Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the government, defense, research and technology sectors in the United States, with specific targeting of the U.S. defense and European satellite and aerospace industries,” the report said.

The group is connected with the PLA’s Third General Staff Department, which is generally acknowledged to be China’s “premier signals intelligence (SIGINT) collection and analysis agency,” CrowdStrike said. Domains used to control Putter Panda malware were registered to an address corresponding to the General Staff Department Unit 61486 headquartered in Shanghai.

CrowdStrike found a wide set of tools used by the attackers, including several remote access tools used to steal intelligence. The toolset enabled the hackers to exercise a “wide degree of control” over the compromised systems.

The exploits were focused on popular productivity applications, such as Adobe Reader and Microsoft Office. The custom malware used was delivered through targeted email attacks.

CrowdStrike believes the Putter Panda group has been operating since at least 2007.

The vendor listed a number of registry and file system artifacts and host indicators that would indicate a machine had been compromised.

The report comes three weeks after the U.S. Justice Department announced indictments against five Chinese military officials accused of hacking and economic espionage. The group targeted organizations in the U.S. nuclear power, metals and solar products industries.