China-linked ‘Electric Panda’ hackers seek U.S. targets, intel agency warns

Nearly 40 U.S. contracting facilities with access to classified information have been targeted by a hacking group with suspected ties to the Chinese government since Feb. 1, according to a bulletin disseminated to contractors by the Defense Counterintelligence and Security Agency on Wednesday.

The bulletin, obtained by Politico, is marked unclassified/for official use only, and warns that DCSA’s cyber division detected nearly 600 “inbound and outbound connections” from “highly likely Electric Panda cyber threat actors” targeting 38 cleared contractor facilities, including those specializing in healthcare technology.

“Electric Panda” is not a widely accepted designation for a state-sponsored hacking group, cyber experts said, but the cybersecurity firm CrowdStrike has attributed Electric Panda to the Chinese government, the bulletin notes. The term “connections” is also pretty vague, experts noted, but former NSA researcher Dave Aitel said the detection of both inbound and outbound activity likely means the U.S. managed to penetrate the command and control machines that Electric Panda was using.

Cleared contractor facilities often receive warnings about hacking attempts from the FBI and DCSA, but the notices rarely attribute the malicious activity to a specific group or nation-state as the DCSA did with Electric Panda, one employee at a firm that contracts for the intelligence community said.

[…]

https://www.politico.com/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220