APT 002

Also known as: Putter Panda, MSUpdater

Suspected attribution: China, Unit 61486

Target sectors: Government, defense, research, and technology sectors in the United States, with specific targeting of space, aerospace, and communications

Overview: Putter Panda is a cyber espionage actor that conducts operations from Shanghai, China, likely on behalf of the Chinese People’s Liberation Army (PLA) 3rd General Staff Department 12th Bureau Unit 61486. This unit supports the space-based signals intelligence (SIGINT) mission. The 12th Bureau Unit 61486, headquartered in Shanghai, is widely accepted to be China’s primary SIGINT collection and analysis agency, supporting China’s space surveillance network. They focus their exploits against popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks. CrowdStrike identified Chen Ping, aka cpyy, a suspected member of the PLA responsible for procurement of the domains associated with operations conducted by Putter Panda.

Associated malware:

Tools used: 3PARA RAT, pngdowner, httpclient, 4H RAT

Attack vectors: Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the government, defense, research, and technology sectors in the United States, with specific targeting of the US defense and European satellite and aerospace industries.