Hackers-for-hire: Chinese group accused of economic espionage against US companies

Published time: September 19, 2013 18:40


Computer security experts at Symantec say they’ve identified an elite group of Chinese hackers who have targeted the systems of Google, Adobe and other big name United States-based companies.

A 28-page report released by the Silicon Valley-based security
firm this week accused the group "Hidden Lynx" of an array of
high-profile hacks that have targeted major technology companies
and government contractors alike since at least 2009.

Symantec has blamed the group for Operation Aurora, a 2009
cyber-attack that set its sights on dozens of victims, including
Yahoo, Northrop Grumman, Dow Chemical and even Symantec itself.
Google was the first company to break news of the attack early
the next year and admitted that the hackers had attempted to breach
Gmail and read communications between human rights activists.

According to Symantec, the group involved in the exploits
consists of 50 to 100 professional "hackers for hire" and
is among the most advanced groups of its kind.

"This group has a hunger and drive that surpass other
well-known groups," Symantec acknowledged in a blog post
published on Tuesday, and characterized the unit as demonstrating
"vast technical prowess, agility, organization, patience and
sheer resourcefulness."

"These attributes are shown by the relentless campaigns waged
against multiple concurrent targets over a sustained period of
," Symantec said.

But whereas recent reports have identified other powerful
Chinese hacking groups tied to the country's government, Symantec
stopped short of directly accusing the computer pros of being state

"Given the breadth and number of targets and regions involved,
we infer that this group is most likely a professional
hacker-for-hire operation that is contracted by clients to
provide information," Symantec said. "They steal on
demand, whatever their clients are interested in, hence the wide
variety and range of targets."

Among those targets is Bit9, the self-proclaimed "leader in a
new generation of endpoint and server security based on real-time
visibility and malware protection." The United States
government is just one of the clients of Bit9, a firm that
analyzes software to make sure it's secure enough to run on
certain systems. It was breached in June 2012 by a group now
identified by Symantec as Hidden Lynx.

"Since November 2011, hundreds of organizations worldwide have
been targeted" by the group, Symantec said in the report.
More than half of those targets are US-based, and around a
quarter are linked to the financial sector.

"There is almost certainly a financial motivation behind these
," Symantec said, accusing Hidden Lynx of mass
corporate espionage as well as attacks against nation-states and
governmental contractors alike.

Speaking to Reuters, the chief technologist at competing security
firm CrowdStrike said he thinks the group has worked solely for
the Chinese government and state-owned enterprises, despite
Symantec's falling short of making such accusations.

"Whether they are formally a military unit or a defense
contractor, that is unknown," CrowdStrike's Dmitri Alperovitch
told the newswire.

Weighing in with the Wall Street Journal,
Alperovitch added, "There is no question they're
working on behalf of the Chinese government."

Earlier this year, Virginia-based security firm Mandiant released
a report accusing a group directly tied to the Chinese
government of compromising the systems of over 140 companies,
including many US-based corporations, such as Coca-Cola.

Comparing Hidden Lynx with other Chinese hacking groups,
Symantec's Samir Kapuria, the company's vice president of
business strategy and secure intelligence, told ABC News,
"These guys are a lot more precise and surgical."

"The tactics and tools that they employ are things that they
like to keep hidden... This is when there's a specific mission in
mind: 'How do we infiltrate the supply chain of our ultimate
target? How do we tailor some specific attack that allows us to
go under the radar?'" he said.

In the official report, embedded below, Symantec said the group
is highly organized and "can gain advanced access to zero-day
vulnerabilities." RT reported earlier this week that the US
National Security Agency entered a contract last year with a
French hacking firm named Vupen that sells subscriptions to a service that
provides clients, including major governments, with details about
these vulnerabilities, named as such because manufacturers have
had no time to patch the security flaws.

"Major software vendors such as Microsoft and Adobe usually
take 6 to 9 months to release a security patch for a critical
vulnerability affecting their products, and this long delay
between the discovery of a vulnerability and the release of a
patch creates a window of exposure during which criminals
can rediscover a previously reported but unpatched vulnerability,
and target any organization running the vulnerable software,"
Vupen acknowledged on its website.

Copyright: RT