Adversary Profile: Gothic Panda presented at SourceBoston 2015

by Silas Cutler

Summary: CrowdStrike has been actively tracking an advanced adversary group known
as Gothic Panda. The group is known for high-profile targeting of government research
groups, financial institutions, and companies in the development sector, and its
activity has been hallmarked by the reuse of the Pirpi malware family, which has
evolved since 2009. It is speculated that the group hosts its command-and-control
infrastructure on compromised servers as an operational security measure. The
adversary is believed to originate from the People's Republic of China and will
likely resurface in 2015.
This presentation will provide an analysis of the hallmarks of the Pirpi malware
and explore the origins of this adversary.