A Chinese hacking group identified as Emissary Panda has been blamed for setting up more than 100 “watering hole” websites that stole data from aerospace, energy and healthcare companies, as well as various government embassies. The group, also known as Threat Group 3390, is identified and examined in a security report from Dell SecureWorks.

Emissary Panda has spent years infecting targeted networks by launching attacks from legitimate websites known to be visited by employees at the targeted company. By exploiting a JavaScript security flaw in a defense contractor supplier's website, for instance, Emissary Panda was able to launch malicious software onto IP addresses known to be affiliated with the defense contractor. Automotive, electronic, pharmacuetical and defense companies were all targeted, as were with various colleges and universities, law firms, political organizations and the Russian Embassy in Washington as part of the vast espionage campaign.

“The adversary's end goal is to exfiltrate, not infiltrate,” the report stated, as quoted by V3 News. Aaron Hackworth, senior development engineer at Dell SecureWorks, told the news site that Emissary Panda is a “surgical group” that “uses reconnaissance to see who they have, then connect to networks to gain a foothold. They are very methodical about it. What stands out is how persistent these guys are and how quickly they respond as they get shut down.”

Emissary Panda is the latest addition to the group known as the Advanced Persistent Threat, a loosely organized coalition of Chinese hackers that are said to work with implicit authorization from Beijing. The Chinese government has consistently denied any involvement, though the Emissary Panda revelations are likely to add to growing levels of frustration in Washington after hacks on the U.S. Office of Personnel Management and a number of influential private companies.