In light of recent hacks, you might be interested in the groups that pose the greatest threats to our cybersecurity.
Ironically, the hacker groups that you should be afraid of also have the least intimidating names. Deep Panda, Putter Panda, and Flying Kitten have been listed by security technology firm CrowdStrike as the groups to watch out for. While they may seem cuddly, these hackers continue to be some of the most dangerous in the world.
CrowdStrike is monitoring over 70 different hacker groups from around the world, most of which are based in China, Russia, and Iran. Many have ties to nationalist activist groups that are specifically seeking data on corporate America.
Here are a few of the most prominent hacker groups you should know about:
CrowdStrike has deemed Deep Panda one of the most advanced Chinese cyber intrusion groups active today. This group has been known to target national security think tanks, infiltrating the defence and telecommunications industries of foreign countries. CrowdStrike believes the group operates on behalf of the Chinese government.
In early July, CrowdStrike reported the group had shifted its sights to individuals with a tie to Iraq and the Middle East. That makes sense since China is Iraq’s largest foreign oil investor.
Active since 2007, Putter Panda primarily targets the American and European defence and aerospace industries. The group is based out of Shanghai and has been linked to the Chinese military, due to the fact that the hackers reportedly work from buildings belonging to the People’s Liberation Army (PLA) — the military of the People’s Republic of China.
In May, the US government filed a criminal indictment against members of Putter Panda (also known as PLA Unit 61398).
China continued to deny its military had ever engaged in cyber theft. However, CrowdStrike subsequently released documents that purported to show evidence of Putter Panda’s illegal hacking, IT News reported.
Flying Kitten, an Iran-based hacker group, has been on CrowdStrike’s radar since mid-January, and is best known for targeting multiple US-based defence contractors and Iranian political dissidents. Formerly known as the Ajax Security Team, this group has shifted its sights from hacktivism to cyber espionage and targeted attacks, InformationWeek has reported.
According to CrowdStrike, the group began targeting the defence industry earlier this year, using spearphishing emails and spoofed Microsoft Outlook Web Access pages to infiltrate the accounts of defence contractors. InformationWeek reports that the group also lured in Iranian dissidents using anti-censorship tools that had been infected with malware.
This targeting may imply that Flying Kitten is either an Iranian government entity or some private actor hired by Iran’s government to take down agitators.
What’s In Store
In its 2013 Global Threat Report, released in January, CrowdStrike predicted this kind of third-party targeting will continue, especially with events like the G20 Summit and midterm elections both coming up this November.
CrowdStrike CTO and co-founder Dmitri Alperovitch confirmed by phone that these groups, as well as others identified in the Global Threat Report — including Magic Kitten, Emissary Panda, and Deadeye Jackal — continue to pose an active cybersecurity threat.
These groups are also highly skilled and very sophisticated. “These are organised criminal groups that by some accounts have the same abilities that nation-states have,” Marcus Christian, a criminal defence attorney whose practice focuses on the intersection of cybersecurity and white collar crime, told Business Insider. “They are very streamlined in terms of their responsibilities, and often take old exploits and use them in new ways.”