Chinese 'Putter Panda' hacking group outed by researchers


People's Liberation Army Unit 61486.

Security researchers at CrowdStrike claim to have turned the tables on a gang of Chinese hackers who may be connected to the country's military, releasing comprehensive information on the claimed members, as well as images of one person alleged to be involved.

The group is known as "Putter Panda" by security researchers, and CrowdStrike believes it is located in Shanghai, China, housed in buildings belonging to the People's Liberation Army (PLA).

Putter Panda is thought to have been active since at least 2007. It targets the American and European defence, satellite and aerospace industries, using exploits in popular applications such as Adobe Reader and Microsoft's Office productivity suite.

After analysing malware samples, CrowdStrike found several email addresses for domain registrations containing the moniker 'cpyy'.

The researchers went through image storage sites, blogs and other forums and discovered a man whose initials match the registrations, and who had also posted pictures of office buildings belonging to the Third General Staff Department, 12th Bureau, which the Project 2049 Institute claims is China's primary SigInt collection and analysis agency, with around 130,000 staff.

According to CrowdStrike, cpyy also posted photographs of two PLA Type 07 officer's peaked hats and of himself in uniform, strengthening the military connection.

In May this year, the United States commenced legal proceedings against another group of prolific hackers thought to be connected to the PLA in Shanghai, allegations that were strenuously denied by the Chinese government.

That group, called Comment Panda, is believed by CrowdStrike to be connected to Putter Panda, with what the researchers say is "a degree of organisational overlap" between the two.

Chief executive and co-founder of CrowdStrike, George Kurtz, says the documents were released to counter China's denials and its statements that the country's government and military have never engaged in cyber theft of trade secrets.

"We believe that organisations, be they governments or corporations, global or domestic, must keep up the pressure and hold China accountable until lasting change is achieved," Kurtz said.

He called China's long economic espionage campaign "massive and unrelenting", saying it targeted companies and governments in every part of the globe.

CrowdStrike has published a free technical analysis to support its claims.
