Tensions between the US and China over alleged cyber-espionage look set to escalate after a private US cyber-security firm claimed to have uncovered evidence of widespread spying by a second team of hackers linked to the Chinese army.
In a report published Monday summarising the findings of months of work, Irvine, CA-based CrowdStrike accused a group it called ‘Putter Panda’ of spying on the US and European defense and aerospace industries from its base in Shanghai.
It said the group had been operating “at least since 2007” and worked “likely on behalf of the Chinese People’s Liberation Agency 3rd Department 12th Bureau Unit 61486”, a unit that supports China’s space surveillance network.
“We believe that organisations, be they governments or corporations, global or domestic, must keep up the pressure and hold China accountable until lasting change is achieved,” CrowdStrike founder and CEO George Kurtz said in the introduction to a 62-page report.
The accusations seem certain to create more bad blood between the Chinese and US governments. Only last month, Beijing had reacted furiously when the Department of Justice went public with five dossiers accusing officers of the People’s Liberation Army of spying. The Chinese government called the charges “absurd” and “fabricated” and said neither it nor its military had ever used cyber-espionage to steal trade secrets.
Kurtz said that the DoJ’s indictments had shown only “the tip of a very large iceberg.”
CrowdStrike claimed that the group had “infrastructure overlap” with Comment Panda, its codename for the group at the heart of the DoJ’s accusations. It identified one Chen Ping, aka cpyy, as one of the group’s chief spies.
The new revelations also come less than a week after the Pentagon highlighted cyber-warfare capabilities as one of the most important elements of China’s sustained military build-up.
CrowdStrike said ‘Putter Panda’ liked to operate by embedding malware in documents for popular applications such as Adobe Reader and Microsoft Word, which, once opened, gave the team in Shanghai remote access to their targets’ systems. It noted one such package of malware that had been hidden in what appeared to be an invitation to a yoga course in Toulouse, the home of Airbus Industries and much of the European space industry.
The Chinese embassy in Washington didn’t respond immediately to an e-mailed request for comment.