China-linked 'Electric Panda' hackers seek U.S. targets, intel agency warns

[InfoSec News <alerts () infosecnews org>]

https://www.politico.com/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220

By Natasha Bertrand
Politico.com
04/16/2020

Nearly 40 U.S. contracting facilities with access to classified information have
been targeted by a hacking group with suspected ties to the Chinese government
since Feb. 1, according to a bulletin disseminated to contractors by the Defense
Counterintelligence and Security Agency on Wednesday.

The bulletin, obtained by Politico, is marked unclassified/for official use
only, and warns that DCSA’s cyber division detected nearly 600 “inbound and
outbound connections” from “highly likely Electric Panda cyber threat actors”
targeting 38 cleared contractor facilities, including those specializing in
healthcare technology.

“Electric Panda” is not a widely accepted designation for a state-sponsored
hacking group, cyber experts said, but the cybersecurity firm CrowdStrike has
attributed Electric Panda to the Chinese government, the bulletin notes. The
term “connections” is also pretty vague, experts noted, but former NSA
researcher Dave Aitel said the detection of both inbound and outbound activity
likely means the U.S. managed to penetrate the command and control machines that
Electric Panda was using.

Cleared contractor facilities often receive warnings about hacking attempts from
the FBI and DCSA, but the notices rarely attribute the malicious activity to a
specific group or nation-state as the DCSA did with Electric Panda, one employee
at a firm that contracts for the intelligence community said.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_