A group of highly sophisticated computer hackers is operating for hire, a U.S. computer security firm said Tuesday.
The firm also linked the group to some of the best-known cyber-espionage attacks out of China in recent years.
Symantec Corp. said the hacker group, which it called “Hidden Lynx,” was among the most technically advanced of several dozen groups believed to be running cyber espionage operations out of China.
Symantec’s 28-page report said its researchers believe the Hidden Lynx group may have been involved with the 2009 Operation Aurora attacks, the most well-known cyber espionage campaign uncovered to date against U.S. companies.
In Operation Aurora, hackers attacked Google Inc. and dozens of other companies. Google disclosed the attacks in January 2010, saying hackers had tried to read Gmail communications of human rights activists and had also attempted to access and change source code at targeted companies.
Symantec researcher Liam O’Murchu said his firm was unable to determine which individuals were behind Hidden Lynx or if the Chinese government was backing the enterprise.
Symantec places Hidden Lynx in China, O’Murchu said, because much of the infrastructure used to run the attacks is there and because the malicious software was written using Chinese tools and with Chinese code.
The Symantec report also provides new details about who is behind several recent attacks, including a breach at cyber security firm Bit9 and follow-on attacks at three Bit9 clients.
It also connects Hidden Lynx to a major campaign dubbed Voho, discovered last year by the security firm RSA. Voho targeted hundreds of organizations including financial firms, technology and healthcare companies, defense contractors and government agencies.
Symantec described the Hidden Lynx group as a “professional organization” staffed by between 50 and 100 people with a variety of skills needed to breach networks and exfiltrate data. The arsenal of tools included Trojan Naid and Trojan Moudoor, which the gang uses to siphon data from infected computers.