Cyber Espionage Group Identified

Tuesday, June 10, 2014 @ 06:06 PM gHale

There is a newly discovered cyber-espionage group that researchers said works with the Chinese military.

Code-named Putter Panda, the group acts on behalf of the People’s Liberation Army (PLA) Third General Staff Department 12th Bureau Unit 61486, which has its headquarters in Shanghai and supports China’s space surveillance network, said researchers at the security company CrowdStrike.

The group’s activities include targeted attacks against the U.S. defense and European satellite/aerospace industries, carried out with exploits for popular applications such as Adobe Reader and Microsoft Office, with the payload generally delivered through email messages, the researchers said.


Putter Panda has had its hand in cyber espionage operations since at least 2007, although the security firm only began tracking the group in 2012. Earlier activity by the same Chinese group was tracked under the MSUpdater moniker.

CrowdStrike labeled them as a “determined adversary group, conducting intelligence-gathering operations targeting government, defense, research, and technology sectors in the United States, with specific targeting of space, aerospace, and communications.”

According to the 62-page report, 35-year-old Chen Ping (a.k.a. cpyy) has been identified as one of the team members; he is the registrant for several domains used for command and control of Putter Panda malware.

It is not clear whether Chen Ping is his real name, but CrowdStrike’s findings suggest so, because deeper investigation revealed multiple email addresses associated with the “cpyy” handle.

In addition, the firm found a personal blog for “cpyy,” sharing information tying him to a military and police job and to interests in the topics of networking and programming.

CrowdStrike also relays information about Putter Panda’s connection to Comment Panda, a group also involved in cyber espionage activities against US corporations.

Separately, a grand jury in the Western District of Pennsylvania (WDPA) returned indictments against five Chinese men “for computer hacking and economic espionage” targeting victims in the nuclear power, metals and solar products industries.

The report on the Putter Panda group contains detailed information about Chen Ping, based on various pieces of evidence gathered from online image repositories, as well as social network websites and forums.

The document also contains the highlights of technical analysis previously performed by CrowdStrike on some Remote Access Tools (RATs) – 4H RAT and 3PARA RAT – employed by Putter Panda to carry out their mission.
