More Chinese Military Espionage Links Revealed
CrowdStrike reveals new details about Chinese cyber-espionage in a campaign dubbed "Putter Panda." Is it just more of the same, or is it something new?In a report published on June 9, security firm CrowdStrike revealed new details about Chinese military cyber-espionage against the United States in a campaign it has dubbed "Putter Panda." The Putter Panda campaign, referred to by other security firms as MSUpdater, has been ongoing since at least 2012. The CrowdStrike disclosure on the Putter Panda campaign identifies hacking efforts that are likely directly tied to the Chinese People's Liberation Army (PLA) 3rd Department, 12th Bureau, Unit 61486. The efforts of Unit 61486 are likely loosely coupled with those of Unit 61398, members of which were recently indicted by the U.S. Department of Justice. The Justice Department charged five Chinese military officers attached to Unit 61398 with attacking U.S. firms in a bid to extract competitive industrial intelligence information. George Kurtz, CEO of CrowdStrike, told eWEEK that the response from China to the Unit 61398 indictments was a motivating factor for him to release the report on Putter Panda. The Chinese basically responded that they don't hack American companies, he said. "We were just a little bit tired of the rhetoric coming back from China that they don't hack," Kurtz said. "We're in the field doing incident response for some of the largest organizations in the world, and we're seeing firsthand what is going on and we wanted to put out a report that is a fair representation of the activity we see that is tied to China."
Concerning the name "Putter Panda," Kurtz explained that his firm identifies all threat actors coming out of China with the moniker "panda." The "Putter" part of the name is derived from malicious documents related to the Chinese hacking campaign that a CrowdStrike analyst was working on, in which the sport of golf was mentioned.