Information Security News mailing list archives

A Department of Defense bulletin on a 'leaking' sinkhole has baffled cybersecurity experts


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 7 May 2020 06:42:58 +0000 (UTC)

https://www.cyberscoop.com/dcsa-cybersecurity-bulletin-leaking-sinkhole-electic-panda-anubis/

By Shannon Vavra
CYBERSCOOP
May 6, 2020

In mid-April, an obscure agency housed under the Department of Defense issued a bulletin that a little-known, Chinese-linked hacking group is likely responsible for some suspicious activity aimed at defense contractors in the U.S. But how the Defense Counterintelligence and Security Agency (DCSA) came to that conclusion is complicated.

The alert, sent to 38 contractors, says DCSA detected the group was making “inbound and outbound connections” with contractors’ facilities as of Feb. 1. The targeting, which appeared to have stopped by March 25, was directed at several critical infrastructure sectors, including aerospace, health care and maritime, according to a copy of the bulletin obtained by CyberScoop.

A DCSA official tells CyberScoop the document was meant to raise awareness among the contractors, but numerous sources tell CyberScoop that it is more confusing than clarifying. The bulletin, which was first reported by Politico, has raised questions about the attributed hacking group and whether the actions described in the document are even technically possible.

Chinese hackers have long been known to collect information on government contracting work in the U.S. But the group singled out in this alert, known as Electric Panda, is not as well known in the cybersecurity community as its peers. Prior to the DCSA alert, the only reference to this group was from a 2013 presentation from CrowdStrike. The security company declined to comment on the bulletin.

[...]
