A Chinese hacking group identified as Emissary Panda has been blamed for setting up more than 100 “watering hole” websites that stole data from aerospace, energy and healthcare companies, as well as various government embassies. The group, also known as Threat Group 3390, is identified and examined in a security report from Dell SecureWorks.
“The adversary's end goal is to exfiltrate, not infiltrate,” the report stated, as quoted by V3 News. Aaron Hackworth, senior development engineer at Dell SecureWorks, told the news site that Emissary Panda is a “surgical group” that “uses reconnaissance to see who they have, then connect to networks to gain a foothold. They are very methodical about it. What stands out is how persistent these guys are and how quickly they respond as they get shut down.”
Emissary Panda is the latest addition to the group known as the Advanced Persistent Threat, a loosely organized coalition of Chinese hackers who are said to work with implicit authorization from Beijing. The Chinese government has consistently denied any involvement, though the Emissary Panda revelations are likely to add to growing levels of frustration in Washington after hacks on the U.S. Office of Personnel Management and a number of influential private companies.