Date: 2013-09-17
* Symantec says Hidden Lynx very likely based in China
* Says it is not sure if group is linked to government
* Says may be linked to well-known 2009 Operation Aurora
By Jim Finkle
BOSTON, Sept 17 Computer security experts have
discovered a group of highly sophisticated computer hackers
operating for hire, a U.S. computer security firm said on
Tuesday, and it linked the group to some of the best-known
cyber-espionage attacks out of China in recent years.
Symantec Corp said the hacker group, which it
dubbed "Hidden Lynx," was among the most technically advanced of
several dozen groups believed to be running cyber espionage
operations out of China. Unlike a previous report by another
company, Symantec did not allege Chinese government involvement
in the cyberattacks.
Symantec's 28-page report said its researchers believe the
Hidden Lynx group may have been involved with the 2009 Operation
Aurora attacks, the most well-known cyber espionage campaign
uncovered to date against U.S. companies.
In Operation Aurora, hackers attacked Google Inc
and dozens of other companies including Adobe Systems Inc.
Google disclosed the attacks in January 2010, in which
hackers tried to read Gmail communications of human rights
activists and also attempted to access and change source code at
targeted companies.
Symantec researcher Liam O'Murchu said his firm was unable
to determine which individuals were behind Hidden Lynx or if it
was linked to the Chinese government.
A separate study, released in February from the U.S.
computer security firm Mandiant, said a secretive unit of the
Chinese military was engaged in cyber espionage on American
companies. Beijing vehemently denied the accusations in that
document, which contained photos of the building that Mandiant
alleged was the unit's headquarters.
Symantec believes the group is based in China, O'Murchu
said, because much of the infrastructure used to run the attacks
is based there and because the malicious software was written
using Chinese tools and with Chinese code.
The Symantec report also provides new details about who is
behind several recent attacks, including a breach at cyber
security firm Bit9 and follow-on attacks at three Bit9 clients.
It also connects Hidden Lynx to a major campaign dubbed
Voho, which was discovered last year by the security firm RSA,
which is owned by EMC Corp. Voho targeted hundreds of
organizations including financial firms, technology and
healthcare companies, defense contractors and government
agencies.
Symantec described the Hidden Lynx group as a "professional
organization" staffed by between 50 and 100 people with a
variety of skills needed to breach networks and exfiltrate data.
The arsenal of tools included Trojan Naid and Trojan Moudoor,
which the gang use to siphon data from infected computers.
Symantec, which sells software and services to protect
corporate and consumer computer systems from cyber attacks like
the ones mentioned in the report, said Naid was also used by
hackers in Operation Aurora.
The Hidden Lynx hackers "were either responsible for the
Aurora attack or were working in conjunction with the Aurora
attackers," O'Murchu said.