Putter Panda, APT 2

Description

Putter Panda is the name of a bad actor responsible for a series of cyberespionage operations originating in Shanghai. Security experts linked its operations to the activity of the People’s Liberation Army 3rd General Staff Department 12th Bureau Unit 61486.

A fake yoga brochure was one of several emails used in a spear-phishing campaign conducted by the stealthy Chinese cyber unit, according to an investigation by researchers at the security firm CrowdStrike. In this case too, the experts believe that we are facing a large-scale cyberespionage campaign targeting government entities, contractors and research companies in Europe, the USA and Japan.

The group has been operating since at least 2007 and appears very interested in research companies in the space and satellite industry. Experts at CrowdStrike have collected evidence of numerous attacks against these industries.

Names

Name            Name-Giver
Putter Panda    CrowdStrike
TG-6952         SecureWorks
APT 2           Mandiant
Group 36        Talos
Sulphur         Microsoft
SearchFire      ?

Country

State-sponsored, Unit 61486 of the 12th Bureau of the PLA’s 3rd General Staff Department (GSD)

Motivation

  • Information theft and espionage

First Seen

2007

Observed Sectors

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

028aa521-2de8-49c4-88d7-455f4d9141ba

Last Card Change

2024-03-10