Feeds

Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks

Researchers: It was 'resourceful' Hidden Lynx crew wot done it

Securing Web Applications Made Simple and Scalable

Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.

Hidden Lynx is a sophisticated hacking group based in China and made of up of between 50 to 100 individuals, according to Symantec. The hackers provide "full service" as well as "customised" cyber-espionage attacks against corporate and government targets, claims the security firm. Its favoured tactics include compromising third-party sites frequented by individuals from targeted organisations with malicious code.

Such so-called watering hole attacks are an easier way to go after marks than hacking into the websites of defence contractors, government organisations and other targets directly. The group, which has operated for more than three years, has used zero-day exploits three times since 2011 alone, says Symantec.

The researchers believe the group compromised security firm Bit9’s digital code-signing certificate as part of a stepping-stone attack ultimately aimed at defence industry customers of the net security firm's whitelisting technology.

Hidden Lynx also has affiliations to Operation Aurora, the 2009 mass break-in to more than 30 big technology companies, including Google and Adobe, the security firm claims.

"This group has a hunger and drive that surpass other well-known groups such as APT1/Comment Crew," Symantec concludes in a blog post that praises the group for its "technical prowess", resourcefulness and patience in running multiple attacks.

The group's main targets include IT firms, defence and aeronautics contractors, energy sector, finance, healthcare and governments in multiple countries including the US, Taiwan and Japan. More than half the attacks linked to the group were thrown against US organisations.

Hidden Lynx "engage in a two-pronged strategy of mass exploitation and pay-to-order targeted attacks for intellectual property using two Trojans designed specifically for each purpose", according to Symantec. Team Moudoor, a sub-group of Hidden Lynx, distributes Moudoor, a customised version of the “Gh0st RAT” Trojan, for large-scale campaigns.

Another sub-group, Team Naid, distributes the Naid Trojan, which appears to be reserved for more limited attacks against high value targets. Naid has been linked to the Bit9 incident.

More on Hidden Lynx (whose name is derived from a string found in command-and-control server communications) is available in a whitepaper published on Tuesday (PDF). ®

The smart choice: opportunity from uncertainty

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.