Chinese ‘hacking unit’ targeted European satellite industry for years

A security firm has revealed details about a Chinese unit of state hackers, which has been targeting the European and American satellite and space industries since at least 2007. The group uses email attachments to spread malware.

The group operates from Shanghai for the Chinese People’s Liberation Army, US security company CrowdStrike claims based on research. The unit was given the name Putter Panda because, among other things, conference participants playing golf were targeted. According to the investigation, the service exploited vulnerabilities in Adobe Reader and Microsoft Office to distribute malware for spying purposes. Hacked sites were also used to carry out covert attacks. CrowdStrike claims to be able to trace attacks to, among other things, email addresses of Chinese soldiers.

The New York Times, which says it can partially confirm the claims, cites as an example an attachment that seems to come from a Yoga studio in Toulouse, France. The brochure is said to have been sent to employees of space agencies in Toulouse, home of Airbus, the Galileo satellite system and Spot Image, which focuses on satellite images.

Not only the aerospace industry, but also government departments in the US, Europe and Japan would be targets of Putter Panda. The group is said to be known to the NSA as Unit 61486 and is in contact with Unit 61398. The US has indicted five members of the latter group for stealing trade secrets from several large companies. The indictment sparked tensions between the US and China, with back and forth accusations of espionage.