APT2

🔴 High
Also known as: PLA Unit 61486, PUTTER PANDA, MSUpdater, 4HCrew, SULPHUR, SearchFire, TG-6952, G0024, APT2


🌍 Country China
⚑ Risk Level High
🎯 Incident Type Espionage
Targeted Sectors: Private sector, Government

Introduction

Putter Panda were the subject of an extensive report by CrowdStrike, which stated: ‘The CrowdStrike Intelligence team has been tracking this particular unit since 2012, under the codename PUTTER PANDA, and has documented activity dating back to 2007. The report identifies Chen Ping, aka cpyy, and the primary location of Unit 61486.’

Activities and Tactics

Targeted Sectors: Private sector, Government

Country of Origin: 🇨🇳 China

Risk Level: High

Incident Type: Espionage

Suspected Victims: U.S. satellite and aerospace sector

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Back Orifice
  • Back Orifice 2000

Attribution and Evidence

Country of Origin: China

Additional attribution information pending cataloguing.

References

References pending cataloguing.