The espionage group likely worked on behalf of the Chinese People's Liberation Army (PLA), CrowdStrike found.
The espionage group likely worked on behalf of the Chinese People's Liberation Army (PLA), CrowdStrike found.

A security firm has detailed the exploits of a China-based cyber espionage group, which has targeted U.S. and European satellite and aerospace industries since at least 2007.

On Monday, CrowdStrike, an Irvine, Calif.-based company that helps organizations identify advanced threats and targeted attacks, released a 62-page report on the group, dubbed “Putter Panda.”

Putter Panda is believed to have carried out its spying on behalf of a division within the Third Department of the Chinese People's Liberation Army (PLA) – Unit 61486, headquartered in Shanghai. The unit supports China's space surveillance network, the report said.

Last month, the U.S. indicted five Chinese nationals, who were officers of another unit under PLA's Third Department, Unit 61398. The men in that unit were accused of conspiring to hack into the computers of six U.S. companies in order to steal trade secrets.

At the time, U.S. Attorney General Eric Holder called the arrests “the first ever charges against known state actors for infiltrating U.S. commercial targets by cyber means.”

In CrowdStrike's new findings, researchers uncovered evidence of the Putter Panda group (or PLA Unit 61486) and Unit 61398 (also called APT1)  sharing resources to spy on U.S. organizations. “APT1” is the name security firm Mandiant bestowed upon PLA Unit 61398 when it released its 2013 report detailing the massive data theft operation.

According to CrowdStrike's report, Putter Panda has focused its intelligence-gathering operations on U.S. entities within the government, defense, research and technology sectors. The group used remote access trojans (RATs), among other tools, which were delivered via spear phishing emails to control target's systems.

To infect victims, attackers targeted users running vulnerable versions of Adobe Reader and Microsoft Office applications. Email attachments were rigged to install custom malware on victims' computers, the CrowdStrike report revealed.

Adam Meyers, CrowdStrike's vice president of intelligence, told SCMagazine.com in a Tuesday interview that Putter Panda's sights were set on “anything tied to global communications,” as they targeted satellite communications platforms, GPS platforms and sensors that might be used for military purposes.