Information Security News mailing list archives

China-linked 'Electric Panda' hackers seek U.S. targets, intel agency warns


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 20 Apr 2020 10:13:34 +0000 (UTC)

https://www.politico.com/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220

By Natasha Bertrand
Politico.com
04/16/2020

Nearly 40 U.S. contracting facilities with access to classified information have been targeted by a hacking group with suspected ties to the Chinese government since Feb. 1, according to a bulletin disseminated to contractors by the Defense Counterintelligence and Security Agency on Wednesday.

The bulletin, obtained by Politico, is marked “unclassified/for official use only” and warns that DCSA’s cyber division detected nearly 600 “inbound and outbound connections” from “highly likely Electric Panda cyber threat actors” targeting 38 cleared contractor facilities, including those specializing in health care technology.

“Electric Panda” is not a widely accepted designation for a state-sponsored hacking group, cyber experts said, but the cybersecurity firm CrowdStrike has attributed Electric Panda to the Chinese government, the bulletin notes. The term “connections” is also pretty vague, experts noted, but former National Security Agency researcher Dave Aitel said the detection of both inbound and outbound activity likely means the U.S. managed to penetrate the command and control machines that Electric Panda was using.

Cleared contractor facilities often receive warnings about hacking attempts from the FBI and DCSA, but the notices rarely attribute the malicious activity to a specific group or nation-state as the DCSA did with Electric Panda, one employee at a firm that contracts for the intelligence community said.

[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
