Symantec Discovers Hacking Group Hired For Online Attacks
September 18, 2013

Symantec Discovers Hacking Group Hired For Online Attacks

Brett Smith for - Your Universe Online

A newly published report from the cyber-security company Symantec said the hacker group known as Hidden Lynx is based out of China. However, unlike previous similar reports, the latest analysis did not tie cyber-attacks specifically to the Chinese government.

The company said it has been tracking the hacker syndicate for the last two years and found them to be responsible for six major online attacks. At times, these attacks have targeted hundreds of different organizations at the same time.

"This group is most likely a professional hacker-for-hire operation that are contracted by clients to provide information," Symantec wrote in a blog post about Hidden Lynx. "They steal on demand, whatever their clients are interested in, hence the wide variety and range of targets."

Symantec add that the group shows the "tenacity and patience of an intelligent hunter" and has the "hunger and drive" to evolve into one of the most infamous groups operating today.

In the 28-page report, the security company said its experts believe the Hidden Lynx group is connected to the 2009 Operation Aurora attacks, an expansive cyber espionage campaign waged against US companies. The attack targeted Google and tens of other companies. In January 2010, the search giant disclosed the fact that Operation Aurora hackers searched Gmail accounts of human rights activists.

Unlike other hacker collectives like Lulzsec or Anonymous, Hidden Lynx appears to be motivated by profit – not causing mischief or a libertarian agenda, Symantec said.

"The clients could be governments or states, it could be other corporations,” Gavin O'Gorman, senior threat intelligence analyst at Symantec, told The Telegraph's Ben Riley-Smith. "A lot of the targets are in financial industries, especially investment banks, so it could be that people are trying to get evidence when negotiating contracts."

O’Gorman said these cyber campaigns can extend for months as the group works to bring down the defenses of their target and scour data to locate valuable information. Some observers said that attacks focused on government installation suggested that states are paying the group to do its work.

"Targeting advanced technologies in specific areas such as aerospace would be useful in order to close technological gaps or gain knowledge of the advanced capabilities of other nation states," the report read.

The report also said Hidden Lynx is involved in a major cyber campaign called Voho, which was uncovered last year by the internet security firm RSA. Voho is said to have targeted hundreds of organizations, from financial firms, to technology and healthcare companies. Voho is also said to have targeted defense contractors and government agencies.

This latest cyber security report differs from previous reports that have made a connection between cyber-attacks on US entities and the Chinese government. A study released in February from the cyber-security company Mandiant, said a Chinese military unit was engaged in cyber espionage on American institutions. The report went so far as to release photos of the building that Mandiant said was the unit's headquarters. Beijing fervidly denied the accusations in that report.