Hacker group found in China, linked to big cyberattacks: Symantec

Published September 17, 2013
The for-hire hacker group is linked to attacks on Google and Adobe, amongst others. — Reuters Photo
The for-hire hacker group is linked to attacks on Google and Adobe, amongst others. — Reuters Photo

Boston - Computer security experts have discovered a group of highly sophisticated computer hackers operating for hire, a US computer security firm said on Tuesday, and it linked the group to some of the best-known cyber-espionage attacks out of China in recent years.

Symantec Corp said the hacker group, which it dubbed "Hidden Lynx," was among the most technically advanced of several dozen groups believed to be running cyber espionage operations out of China. Unlike a previous report by another company, Symantec did not allege Chinese government involvement in the cyberattacks.

Symantec's 28-page report said its researchers believe the Hidden Lynx group may have been involved with the 2009 Operation Aurora attacks, the most well-known cyber espionage campaign uncovered to date against US companies.

In Operation Aurora, hackers attacked Google Inc and dozens of other companies including Adobe Systems Inc. Google disclosed the attacks in January 2010, in which hackers tried to read Gmail communications of human rights activists and also attempted to access and change source code at targeted companies.

Symantec researcher Liam O'Murchu said his firm was unable to determine which individuals were behind Hidden Lynx or if it was linked to the Chinese government.

A separate study, released in February from the US computer security firm Mandiant, said a secretive unit of the Chinese military was engaged in cyber espionage on American companies. Beijing vehemently denied the accusations in that document, which contained photos of the building that Mandiant alleged was the unit's headquarters.

Symantec believes the group is based in China, O'Murchu said, because much of the infrastructure used to run the attacks is based there and because the malicious software was written using Chinese tools and with Chinese code.

The Symantec report also provides new details about who is behind several recent attacks, including a breach at cyber security firm Bit9 and follow-on attacks at three Bit9 clients.

It also connects Hidden Lynx to a major campaign dubbed Voho, which was discovered last year by the security firm RSA, which is owned by EMC Corp. Voho targeted hundreds of organizations including financial firms, technology and healthcare companies, defense contractors and government agencies.

Symantec described the Hidden Lynx group as a "professional organization" staffed by between 50 and 100 people with a variety of skills needed to breach networks and exfiltrate data. The arsenal of tools included Trojan Naid and Trojan Moudoor, which the gang use to siphon data from infected computers.

Symantec, which sells software and services to protect corporate and consumer computer systems from cyber attacks like the ones mentioned in the report, said Naid was also used by hackers in Operation Aurora.

The Hidden Lynx hackers "were either responsible for the Aurora attack or were working in conjunction with the Aurora attackers," O'Murchu said.

Opinion

Editorial

Smog hazard
Updated 05 Nov, 2024

Smog hazard

The catastrophe unfolding in Lahore is a product of authorities’ repeated failure to recognise environmental impact of rapid urbanisation.
Monetary policy
05 Nov, 2024

Monetary policy

IN an aggressive move, the State Bank on Monday reduced its key policy rate by a hefty 250bps to 15pc. This is the...
Cultural power
05 Nov, 2024

Cultural power

AS vital modes of communication, art and culture have the power to overcome social and international barriers....
Disregarding CCI
Updated 04 Nov, 2024

Disregarding CCI

The failure to regularly convene CCI meetings means that the process of democratic decision-making is falling apart.
Defeating TB
04 Nov, 2024

Defeating TB

CONSIDERING the fact that Pakistan has the fifth highest burden of tuberculosis in the world as per the World Health...
Ceasefire charade
Updated 04 Nov, 2024

Ceasefire charade

The US talks of peace, while simultaneously arming and funding their Israeli allies, are doomed to fail, and are little more than a charade.