The APT Files #2: Putter Panda

Quick Details
Suspected Origin: China, 2007
Other Names: APT2, PLA 61486, Putter Panda, MSUpdater, G0023
Target Region(s): North America, Europe
Attack Vectors: Spear-phishing, Malware, Social Engineering
Tools observed: MOOSE, WARP
Hacker Words
- OSINT — Open Source Intelligence, the use of publicly available sources to gather sensitive or critical information about a person or organization
- C2 Servers — Command and Control Servers, machines attackers use to remotely control malware on compromised systems
Putter Panda is a threat group suspected to operate under the military cover of Unit 61486 of the Chinese People’s Liberation Army (PLA). The group’s name comes from its knack for targeting golf players (putter) and its country of origin (China).
According to the Council on Foreign Relations, the group is known to target tech, research, defence and government sectors, particularly in satellite and aerospace sectors of the United States.
Their primary focus is on targeting widely used productivity applications like Adobe Reader and Microsoft Office. They carry out their malicious activities by utilizing customized…