A shadowy hacking group believed to be affiliated with the Chinese military has spent years infiltrating the American aerospace industry and US trading partners in the space industry, a US cybersecurity company said Monday.
Officials from CrowdStrike accused the Shanghai-based unit 61486 of the People’s Liberation Army 12th bureau of attacking American and other western networks in cyber-assaults that date back at least as far as to 2007. The space, aerospace and communications sectors were targeted via “popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks,” CrowdStrike said, according to a Reuters report.
A full list of accusations, including phishing emails and Trojan horse documents were outlined in a 62-page report published Monday by CrowdStrike, which conducts forensic investigations for customers who have endured invasive security breaches. When a target downloads or clicks on a certain document, for instance, they could find their entire computer taken over. The hackers then use that power to steal housing blueprints, consumer lists, servers, and other sensitive data, Ars Technica reported.
The group in question is unofficially known as Putter Panda.
“Putter Panda is a determined adversary group, conducting intelligence-gqathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of the US Defense and European satellite and aerospace industries,” the researchers wrote. “The PLA’s GSD Third Department is generally acknowledged to be China’s premier Signals Intelligence (SIGINT) collection and analysis agency, and the 12th Bureau Unit 61486, headquartered in Shanghai, supports China’s space surveillance network.”
CrowdStrike’s report, which the company said it is publishing to show how deeply the problem is entrenched, comes less than three weeks after the US Justice Department, in a surprise move, unsealed indictments against five members of a People’s Liberation Army hacker unit that allegedly stole trade secrets from the US.
Chinese officials denied that the Justice Department’s assertions had any legitimacy, in part because the US National Security agency has launched so many attacks of its own.
“For a long time, governments and enterprises of a few countries have gathered sensitive information on a large scale,” Jiang Jun, a spokesman for the state Internet Information Office, told state-controlled Xinhua News Agency, “taking advantage of their monopoly in the market and technological edge. They not only seriously undermine the interests of their clients but also threaten cyber security of other countries.”
That response prompted CrowdStrike’s co-founder Dmitri Alperovitch to consult with US intelligence and Justice Department officials, who said he authorized the report’s disclosure Monday.
“After the Chinese response, where they basically said this is all fabricated, we said why don’t we unleash something that’s undeniable,” Alperovitch told Reuters.