Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Chinese "Hidden Lynx" Hackers Launch Widespread APT Attacks

Symantec says advanced persistent attack operators are tied to hundreds of cyber break-ins, including Operation Aurora against Google.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Remember Comment Crew, also known as APT1 or the Shanghai Group? They're the Chinese cyber-espionage gang that security firm Mandiant singled out earlier this year for having launched a number of devastating attacks against U.S. businesses and defense contractors.

Well, their efforts have been consistently -- and silently -- trumped by "Hidden Lynx," a different group of "best of breed" advanced persistent threat (APT) attackers who have hacked into the networks of such businesses as Adobe, Bit9, Google Lockheed Martin and RSA, according to a report released Tuesday by security firm Symantec.

"This group has a hunger and drive that surpass other well-known groups such as APT1/Comment Crew," due in no small measure to the group's technical abilities, levels of organization, "sheer resourcefulness" and patience, Symantec's Security Response team said in a related blog post. It said the group's name was drawn from code retrieved from the hackers' command-and-control servers.

[ How secure is the new iPhone? Read Apple Hackers Rate iPhone 5s Security. ]

Like the Comment Crew, Hidden Lynx appears to be operating from China, and employs largely Chinese-built tools and China-based malicious infrastructure. But Symantec said that unlike Comment Crew, this group -- which regularly steals information that would be of value "to both commercial and governmental organizations" -- appears to be a much more "well-resourced and sizeable organization."

"There is no question they're working on behalf of the Chinese government," CrowdStrike CTO Dmitri Alperovitch told The Wall Street Journal. He said the group, which Crowdstrike has been tracking for years -- the firm refers to it as "Aurora Panda" -- might serve as defense contractors for the Chinese government.

According to CrowdStrike, since November 2011, half of the group's targets have been in the United States, 16% in Taiwan and 9% in China.

Hidden Lynx appears to have been active since 2009, and often runs multiple attack campaigns simultaneously. "This group doesn't just limit itself to a handful of targets; instead it targets hundreds of different organizations in many different regions, even concurrently," said Symantec. "Given the breadth and number of targets and regions involved, we infer that this group is most likely a professional hacker-for-hire operation that [is] contracted by clients to provide information. They steal on demand, whatever their clients are interested in, hence the wide variety and range of targets."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35196
PUBLISHED: 2021-06-21
** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended fo...
CVE-2010-1433
PUBLISHED: 2021-06-21
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauth...
CVE-2010-1434
PUBLISHED: 2021-06-21
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulne...
CVE-2010-1435
PUBLISHED: 2021-06-21
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5...
CVE-2010-0413
PUBLISHED: 2021-06-21
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.