Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks

Researchers: It was 'resourceful' Hidden Lynx crew wot done it


Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.

Hidden Lynx is a sophisticated hacking group based in China and made up of between 50 and 100 individuals, according to Symantec. The hackers provide "full service" as well as "customised" cyber-espionage attacks against corporate and government targets, claims the security firm. Its favoured tactic is to compromise third-party sites frequented by individuals from targeted organisations and plant malicious code on them.

Such so-called watering hole attacks are an easier way to go after marks than hacking into the websites of defence contractors, government organisations and other targets directly. The group, which has operated for more than three years, has used zero-day exploits three times since 2011 alone, says Symantec.

The researchers believe the group compromised security firm Bit9’s digital code-signing certificate as part of a stepping-stone attack ultimately aimed at defence industry customers of the net security firm's whitelisting technology.

Hidden Lynx also has affiliations to Operation Aurora, the 2009 mass break-in to more than 30 big technology companies, including Google and Adobe, the security firm claims.

"This group has a hunger and drive that surpass other well-known groups such as APT1/Comment Crew," Symantec concludes in a blog post that praises the group for its "technical prowess", resourcefulness and patience in running multiple attacks.

The group's main targets include IT firms, defence and aeronautics contractors, the energy sector, finance, healthcare and governments in multiple countries including the US, Taiwan and Japan. More than half the attacks linked to the group were thrown against US organisations.

Hidden Lynx "engage in a two-pronged strategy of mass exploitation and pay-to-order targeted attacks for intellectual property using two Trojans designed specifically for each purpose", according to Symantec. Team Moudoor, a sub-group of Hidden Lynx, distributes Moudoor, a customised version of the “Gh0st RAT” Trojan, for large-scale campaigns.

Another sub-group, Team Naid, distributes the Naid Trojan, which appears to be reserved for more limited attacks against high value targets. Naid has been linked to the Bit9 incident.

More on Hidden Lynx (whose name is derived from a string found in command-and-control server communications) is available in a whitepaper published on Tuesday (PDF). ®



Biting the hand that feeds IT © 1998–2022