US security technology group Crowdstrike has identified another cyber espionage group with links to the Chinese military, which has been systematically attacking US and European government partners in the space and satellite industry, according to the company.
According to Crowdstrike, the espionage entity, dubbed Putter Panda, has several connections to Comment Panda, the group previously attributed to the Chinese army's secretive Unit 61398 — to which the five men indicted by the US government for alleged hacking activities last month belonged.
A 63-page report published by Crowdstrike revealed that Putter Panda operates out of Shanghai, with connections to the People's Liberation Army (PLA) Third General Staff Department, 12th Bureau Military Unit Cover Designator 61486.
The PLA's Third General Staff Department is generally acknowledged to be China's premier signals intelligence collection and analysis agency, according to Crowdstrike, while the 12th Bureau Unit 61486 supports China's space surveillance network.
According to the report, this particular unit is believed to hack into victim companies throughout the world in order to steal corporate trade secrets, primarily relating to the satellite, aerospace and communication industries.
Crowdstrike said it had been tracking the activity of the cyber espionage group since 2012, under the codename Putter Panda, and has documented activity of the group back to 2007.
The report identifies 35-year-old Chen Ping, aka cpyy, as an individual responsible for the domain registration for the Command and Control of Putter Panda malware, along with the primary location of Unit 61486 in Shanghai.
Crowdstrike has labelled Putter Panda a "determined adversary group", indicating that the entity conducts intelligence-gathering operations targeting the US government, defence, research, and technology sectors, with specific targets within the country's defence industry and the European satellite and aerospace industries.
The report reveals that domains registered by Chen were used to control Putter Panda malware, with the domains registered to a Shanghai address corresponding to the physical location of the Unit 61486 headquarters.
Crowdstrike said that a wide set of tools had been used by Putter Panda, including several remote access trojans attached to emails, along with other malware, to obtain a wide degree of control over a victim system, which could also provide the opportunity to deploy additional tools at will.
The findings come as relations between China and the US become frayed after a series of cyber espionage accusations between the two countries — triggered, to a large extent, by the data-gathering activities undertaken by the US National Security Agency's Prism program, made public by whistle-blower Edward Snowden.
Just last week, the Chinese state media broadcaster Chinese Central Television (CCTV) ran a news report suggesting Windows 8 was a "potential threat" to the country's information security.