After the US announced criminal charges against five Chinese military officers from Unit 61398 just last month, a new Shanghai-based hacker unit with ties to the People’s Liberation Army (PLA) in China has been identified.

Hacker Profile

Name: Unit 61486, the 12^th Bureau of the PLA’s 3^rd General Staff Department

Code Name: “Putter Panda”

Targets: Golf-playing conference attendees; intelligence-gathering on US government sectors; and American, European and Japanese satellite, aerospace and communication companies.

Actions Taken: Use of emails containing job postings, PDF invitations to conferences and a yoga studio brochure to lure victims to download custom malware. (Remember, be careful what links you click within your email!)

Person(s) Identified: 35-year-old Chen Ping, known as “cpyy,” used to register domains for cyberattacks.

Putter Panda is believed to have been in operation since at least 2007 with evidence indicating that they cooperated or shared resources with Unit 61398. Investigation by security firm CrowdStrike found photo albums that could reveal military connections, forum discussions relating to security and “cpyy” interactions with a suspected member of Unit 61398.

According to CrowdStrike’s Adam Meyers, “We’ve got the gun, the bullet and the body.”

Some cybersecurity reports suggest that US companies should be allowed to retaliate against hackers, but I’m not so sure that is the best approach to combating cybercrimes.

Do you think companies should be allowed to freely retaliate? Why or why not?