Despite the multiple vectors that can be used to facilitate a breach, goals remain relatively limited and increasingly revolve around poaching sensitive intellectual property or trade secrets. Cybercrime is also increasingly committed by highly organized teams, often backed by governments. In May, the Department of Justice (DOJ) charged five Chinese hackers with associations to the Chinese People’s Liberation Army for stealing information on United States infrastructure. Now, less than a month later, a second unit has been caught attempting to take similar pieces of information.

Crowdstrike, a network research organization, released a report on June 9 that says a group named Putter Panda has engaged in repeated attempts to steal information from European and American organizations since 2007.

According to the report, the group “conducts operations from Shanghai, China, likely on behalf of the Chinese People’s Liberation Army (PLA) 3rd Department 12th Bureau Unit 61486. Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications.”

The report pins Chinese national Chen Ping as the mastermind of the group. Under the online pseudonym “cpyy,” Ping registered domains associated with Putter Panda malware. The organization is responsible for the creation of a variety of malware programs, the most virulent of which allows the organization to remotely access infected computers.

By adding a bit of social engineering to its strategy, the organization was able to deploy malware via email to individuals at targeted companies. In one instance, the emails were disguised as offers for yoga classes and sent to members of organizations who practiced yoga. Upon opening the email attachment, computers would download the malware program, allowing the group to view and alter materials stored on the device.

Currently, Crowdstrike has said it’s tracking more than 20 hacker groups with ties to the Chinese government and says that its goal is to bring culpability to such attacks.

Thus far, the Chinese government has flatly denied allegations of organized cyber-tactics and pushed back firmly against the indictments filed by the DOJ last month. Unit 61486, the unit associated with Putter Panda, is said to have shared resources with members of the indicted group.

