A private U.S.-based cybersecurity firm has accused China's secret military unit of spying on government agencies in a bid to benefit Chinese aerospace programs.
According to security firm CrowdStrike, a group with the name of "Putter Panda" is responsible for the espionage. Putter Panda is said to be located in Shanghai, China and operates from buildings that belong to the People's Liberation Army (PLA). Security researchers believe that Putter Panda is a task force in the 61486 unit of the PLA's 12th Bureau.
CrowdStrike claims that Putter Panda has attacked government agency networks and defense contractors since 2007. The hacking was primarily focused on U.S. communications and aerospace divisions. The spies are said to have used emails as the mode of attack and targeted regular applications such as Adobe Reader and Microsoft Office to deliver the malware. The security firm revealed that on one occasion, the spying group sent emails with a brochure of a yoga studio that was located in Toulouse, France.
CrowdStrike has also issued a 60-page report detailing the espionage. Referring to Putter Panda, the report says that "they are a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications."
"CrowdStrike identified Chen Ping, aka cpyy, a suspected member of the PLA responsible for procurement of the domains associated with operations conducted by Putter Panda," added the report.
The security firm has tracked Chen using various social media websites and has identified him as a 35-year-old soldier. CrowdStrike found that Chen's email is also linked to blogs and forum postings. Investigators found a photo album on one of the social media websites with the name "office." The album included a picture of a building that CrowdStrike says is located in Shanghai and is the headquarters of the Chinese military unit.
It has not been long since the U.S. accused five Chinese military officers of cybertheft and indicted them. The officers allegedly stole trade secrets of U.S.-based private companies to give a competitive advantage to Chinese companies. However, a Chinese spokesperson said that China was not involved in any cybertheft or spying on the trade secrets of U.S. companies.
CrowdStrike said that Putter Panda not only targeted U.S. government agencies, but also directed its attacks towards the European aerospace and satellite industries.