APT2: This group was first observed in 2010. APT2 engages in cyber operations where the goal is intellectual property theft, usually focusing on the data and projects that make an organization competitive within its field.
Name: PLA 61486, Putter Panda, MSUpdater
Suspected attribution: China – Chinese state-backed groups – Chinese People’s Liberation Army (PLA)
Date of initial activity: 2007
Targets: Military and Aerospace. US defense and European satellite/aerospace industries.
Associated malware: MOOSE, WARP
Attack vectors: Spear-phishing emails that exploit CVE-2012-0158.
In 2014 the group was publicly exposed in a report by CrowdStrike, a digital security firm. One member of Unit 61486 has been identified as Chen Ping, with the online alias “cpyy”. Unit 61486 has also been nicknamed “Putter Panda” by CrowdStrike, in reference to its Chinese origins (“panda”) and its penchant for targeting golf players (“putter”).
PUTTER PANDA is sometimes referred to as “MSUpdater” by the security research community. The group has been operating since at least 2007 and has heavily targeted the US defense and European satellite/aerospace industries. It focuses its exploits on popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks. PUTTER PANDA has been observed conducting operations with a nexus to Shanghai, China, likely on behalf of the Chinese PLA 3rd Department 12th Bureau Unit 61486.