China’s Deep Panda Hackers Target US Think Tanks

The attacks are quite sophisticated, and the cell that calls itself “Deep Panda” is, according to the CrowdStrike team, “one of the most advanced Chinese nation-state cyber intrusion groups.” The group’s focus, however, has recently shifted in response to events in Syria and Iraq.

Deep Panda’s attacks shifted after the emergence of ISIS

While no word was given as to which think tanks specifically were compromised, CrowdStrike says that data was stolen from email accounts, directories, and files. Deep Panda stepped onto the scene about three years ago, actively attacking organizations that develop U.S. policy in Southeast Asia.

“This is undoubtedly related to the recent Islamic State of Iraq and the Levant (ISIS) takeover of major parts of Iraq and the potential disruption for major Chinese oil interests in that country. In fact, Iraq happens to be the fifth-largest source of crude oil imports for China and the country is the largest foreign investor in Iraq’s oil sector. Thus, it wouldn’t be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq,” according to the CrowdStrike team.

CrowdStrike also pointed out that the attacks on Iraq-focused think tanks began on June 18, the same day that ISIS began its assault on the Baiji oil refinery, an event of great interest to China given its energy concerns: unlike the United States, China has very little oil of its own.

Falcon Host employed to detect Deep Panda’s attacks

To detect the attacks on the Windows operating systems used by these think tanks, CrowdStrike employed a proprietary software suite it calls Falcon Host. The company provides this software free of charge to non-profits and think tanks that might otherwise not be able to afford it.

“Deep Panda presents a very serious threat not just to think tanks, but also multinational financial institutions, law firms, defense contractors, and government agencies,” the security researchers say. “Due to their stellar operational security and reliance on anti-forensic and anti-IOC detection techniques, detecting and stopping them is very challenging without the use of next-generation endpoint technolog