Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks

Researchers: It was 'resourceful' Hidden Lynx crew wot done it

Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.

Hidden Lynx is a sophisticated hacking group based in China and made up of between 50 and 100 individuals, according to Symantec. The hackers provide "full service" as well as "customised" cyber-espionage attacks against corporate and government targets, claims the security firm. Its favoured tactics include compromising third-party sites frequented by individuals from targeted organisations with malicious code.

Such so-called watering hole attacks are an easier way to go after marks than hacking into the websites of defence contractors, government organisations and other targets directly. The group, which has operated for more than three years, has used zero-day exploits three times since 2011 alone, says Symantec.

The researchers believe the group compromised security firm Bit9’s digital code-signing certificate as part of a stepping-stone attack ultimately aimed at defence industry customers of the net security firm's whitelisting technology.

Hidden Lynx also has affiliations to Operation Aurora, the 2009 mass break-in to more than 30 big technology companies, including Google and Adobe, the security firm claims.

"This group has a hunger and drive that surpass other well-known groups such as APT1/Comment Crew," Symantec concludes in a blog post that praises the group for its "technical prowess", resourcefulness and patience in running multiple attacks.

The group's main targets include IT firms, defence and aeronautics contractors, energy sector, finance, healthcare and governments in multiple countries including the US, Taiwan and Japan. More than half the attacks linked to the group were thrown against US organisations.

Hidden Lynx "engage in a two-pronged strategy of mass exploitation and pay-to-order targeted attacks for intellectual property using two Trojans designed specifically for each purpose", according to Symantec. Team Moudoor, a sub-group of Hidden Lynx, distributes Moudoor, a customised version of the “Gh0st RAT” Trojan, for large-scale campaigns.

Another sub-group, Team Naid, distributes the Naid Trojan, which appears to be reserved for more limited attacks against high value targets. Naid has been linked to the Bit9 incident.

More on Hidden Lynx (whose name is derived from a string found in command-and-control server communications) is available in a whitepaper published on Tuesday (PDF). ®
