Security researchers have identified a second Chinese military unit that has launched cyberattacks against companies and government agencies in the U.S., Europe, and Japan. In May, the Justice Department indicted five individuals involved in a separate military unit, and now, security company CrowdStrike has revealed the identity of a second group of military hackers, Unit 61486, otherwise known as "Putter Panda."
The Shanghai-based Unit 61486 has even shared resources with the recently indicted members of Unit 61398, a Shanghai-based group identified last year by U.S. cybersecurity firm Mandiant. Both groups are divisions of the People's Liberation Army, which is in charge of all Chinese military operations. The U.S. has claimed for many years that China actively targets American businesses and government agencies, and these reports seem to back up those accusations.
Between CrowdStrike's report, which was published on Monday, and the Justice Department's indictments from May, it is now public knowledge that there are multiple Chinese teams attacking businesses. Though only two groups may have been publicly identified, it is likely that others exist inside China.
CrowdStrike said that it has evidence that Unit 61486 has targeted businesses in Europe, the U.S., and Japan since at least 2007. Those attacks have been carried out through various means, including by sending infected email attachments.
“Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the government, defense, research, and technology sectors in the United States, with specific targeting of the U.S. Defense and European satellite and aerospace industries," said the researchers. "The 12th Bureau Unit 61486, headquartered in Shanghai, supports China’s space surveillance network.”
The relationship between China and the United States is already strained, yet China is an important contact in Asia. Now that there is another Chinese military unit in the public eye, China will have even more reason to cease certain talks with the U.S.
Chinese leaders have already denied any allegations of cyberattacks and denounced the indictments against one of its units. Responding to the CrowdStrike's report will be even more difficult for U.S. officials since a second wave of indictments would not be well received by the Chinese.
It is unlikely that China will ever turn over the alleged hackers to stand trial in the U.S., so the Justice Department's charges do not seem to carry much weight. This means that the Obama Administration and the Justice Department will have to decide if more indictments are worth damaging a relationship with China.