Newly found group breaks into computer systems of defense, aerospace, pharmaceutical companies
The report was presented by researchers from Dell SecureWorks at the Black Hat cyber-security conference in Las Vegas. The researchers believe the group compromised a series of websites frequented by people working in several key industries, including automotive, defense and pharmaceuticals, and used those sites to infect the computers of visitors. With those individuals' machines under their control, the hackers were then able to get into the companies and organizations the victims worked for. The technique, in which attackers lie in wait on sites their intended targets already visit rather than approaching them directly, is known as a "watering hole" attack.
Dell SecureWorks believes more than 50 institutions were breached, including major manufacturers, law firms, universities and government embassies. The hackers used a variety of methods, including exploiting vulnerabilities in Flash, Java and Microsoft software. Rather than constantly developing new exploits to beat the latest security protections, an expensive proposition for attackers, the group aims at less protected PCs that are still exposed to older, already-known flaws.
The researchers claim the hackers are likely based in China. Among other evidence, the researchers found that the hackers used the popular Chinese search engine Baidu and targeted organizations connected to Chinese ethnic groups, especially the Uighurs, a mostly Muslim minority group centered in Xinjiang in western China.
Dell SecureWorks officially named the group Threat Group-3390 (TG-3390); it is also known in the security industry as Emissary Panda.
The firm, a subsidiary of computer manufacturer Dell, believes the sophistication and organization of Emissary Panda mean that it has the backing of the Chinese government. The hackers also targeted companies working in aerospace, energy and electronics.
The precision of Emissary Panda's attacks struck researchers as noteworthy. The hackers would often pass over documents that looked interesting or important, taking only the specific information that matched their particular objectives.
"The threat actors are adept at identifying key data stores and selectively exfiltrating all of the high-value information associated with their goal," according to the Dell SecureWorks team.