A new report released by California-based cybersecurity company CrowdStrike reveals more evidence of online spying and espionage committed against European, US, and Japanese government entities in the space/satellite industries by what is very likely to be Shanghai-based units of China’s People’s Liberation Army (PLA). Dubbed “Putter Panda” (because these hackers would often target “golf-playing conference attendees”), this latest group of hackers has been identified by the NSA as PLA Unit 61486. George Kurtz, a co-founder of CrowdStrike, says that recent indictments by the US against alleged PLA hackers are “just the very tip of the iceberg,” and despite increased awareness “the Chinese are not slowing down. They keep plowing away.” Is anybody else turned on by that description?
Putter Panda’s method of hacking, allegedly, has been sending fake brochures in e-mails that, once opened, “allowed hackers to sidestep their victim’s network security and steal closely guarded satellite technology.” Examples of these fake brochures include invitations to aerospace and satellite conferences, job postings, and in one particularly amusing case, a yoga studio in Toulouse, France. Very sorry, Mr. Miyamoto of Japan Satellite Technology Inc., but it looks as if you’re going to have to get your Pilates on in Bali this year instead.
The NYT reports, “Crowdstrike’s forensic investigation revealed that Unit 61486 took steps to hide their origins – by using compromised foreign websites to launch their attacks, for instance – but left behind digital traces of their identities and whereabouts…” — (n00000bz lol) — “…In one case, an attacker deployed a remote access…from a web domain registered to an email address that belonged to a onetime student at the School of Information Security Engineering at Shanghai Jiaotong University.”
Other traces of attacks led to photo albums on Picasa of military people hanging with their military friends, doing military things like wearing military hats and spouting military slogans. One album entitled “Office” shows a building that is marked “MILITARY.” After much scrutiny and round-the-clock investigations, the NYTimes concluded that these attacks might possibly have some connection to the military.
Last month, the US charged five PLA officers with hacking into US steel, solar, and nuclear companies. The indicted all belonged to Shanghai-based PLA Unit 61398, whose building is located “off Datong Road, surrounded by restaurants, massage parlors, and a wine importer.” Putter Panda, on the other hand, can be visited “just north of downtown Shanghai in Zhabei district,” in a building inconspicuously marked “MILITARY ZONE.” Researchers say that the two units “in some instances shared computer resources” and communicated with each other.
You do kinda have to hand it to these PLA haXX0rs – despite the fact that everyone who reads a newspaper is clearly on to their tomfoolery, they still keep on “plowing away” with these attacks, as if to turn back to their indictors and say “U MAD BRO?”
[Image via v3.co.uk]
By Alex Stevens