Last month the Department of Justice indicted five Chinese military officers in connection with illegal international hacking. The officials were all from the People’s Liberation Army’s covert Unit 61398. Now a new report claims that in addition to the earlier charges of hacking U.S. corporations and stealing trade secrets, this unit has also been hacking American and European space and satellite contractor networks.
The cybersecurity defense firm CrowdStrike is calling the initiative Putter Panda, a take on Comment Panda, the firm’s name for the hacking identified by the DoJ last month. In the 63-page report, the group points out that Putter Panda and Comment Panda have a lot in common, which points to a shared origin at Unit 61398. Both Pandas do their surveillance work in Shanghai and are connected to the PLA’s Third General Staff Department, 12th Bureau Military Unit Cover Designator 61486. According to CrowdStrike, this unit gathers intelligence about space initiatives worldwide. The report explains:
They are a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications.
The group has been operating since at least 2007 and has been observed heavily targeting the US Defense and European satellite and aerospace industries.
The unit has launched a variety of malware attacks—using techniques like trojans and malicious email attachments—to gain deep access into a number of U.S. and European aerospace networks. The information comes as hacking accusations have made relations between China and the U.S. increasingly tense. It’s time for everyone to call in their extendable ears.