US traces Putter Panda malware to China
Space, aerospace and communications industries targeted, claims security firm Crowdstrike
A US security firm has accused the Chinese government of conducting a sophisticated cyber espionage campaign against US and European businesses, in another revelation that will further strain relations between the two nations.
Crowdstrike published a detailed report on Monday in which it revealed its research into a malware called ‘Putter Panda' that was found spying on high-tech firms involved in space, aerospace and communications industries.
It traced the malware right to the heart of China, in a building in Shanghai that Crowdstrike said was likely being run by the Chinese People's Liberation Army (PLA) 3rd Department 12th Bureau Unit 61486.
Crowdstrike outed a man named Chen Ping, aka 'cpyy', as being a member of the Chinese People's Liberation Army (PLA) who was responsible for buying domains associated with Putter Panda.
Crowdstrike said the attacks targeted organisations' work through popular business tools such as Adobe Readers and Microsoft Office to deploy custom malware via email.
Crowdstrike CEO George Kurtz wrote that its findings was yet more proof the Chinese government was fully complicit in the hacking of Western industries, and proved the US was right to file charges against state officials last month.
"China's decade-long economic espionage campaign is massive and unrelenting. Through widespread espionage campaigns, Chinese threat actors are targeting companies and governments in every part of the globe," he said.
"Targeted economic espionage campaigns compromise technological advantage, diminish global competition, and ultimately have no geographic borders."
In response, a member of China's foreign ministry dismissed the allegations and repeated the line that the US is far more guilty of cyber hacking than China.
"The United States cannot pretend that it is the victim. They are a hacker empire. I think everyone in the world knows this," spokeswoman Hua Chunying said.
The US recently filed charges against five Chinese PLA officials in response to the Mandiant report. In response, China said it would start vetting Western technology and accused the US of hypocrisy in light of the Snowden spying revelations.