Sep 18, 2013

Symantec Fingers Most Advanced Chinese Hacker Group

The most advanced hacker group in China is composed of 50-100 professional cybercrooks who have breached Google, Adobe, RSA, Bit9 and Lockheed Martin in recent years, according to a new report from Symantec.

China’s involvement in most of the cyberattacks — some of the most high profile in recent history — was already known. Although Symantec would only confirm that the hackers are based in China, other security researchers tracking the same group say its sophistication, targets and methods indicate it is working for or on behalf of the Chinese government.

Still, the 28-page report from the Mountain View, Calif., security firm is the first to publicly link the same group to the numerous breaches, and offers new technical details on its methods. It also for the first time links China to the 2012 hack of Bit9, a security company used by the U.S. government and large companies to determine which software is cleared to run on their networks.

The group, which Symantec internally calls “Hidden Lynx,” has been active since at least 2009 and is most likely a “hackers for hire” service, the report said. It’s one of several hack teams in China, though security experts claim it’s the most advanced. (Hacking Google: not easy.)

This winter, Mandiant, another security firm, outed “Comment Crew” or “Shanghai Group,” another Chinese hacking team, and linked it to the country’s military.

“There is no question they’re working on behalf of the Chinese government,” said Dmitri Alperovitch, CTO of Crowdstrike, a cybersecurity firm, who has been tracking Symantec’s group for years. It’s possible the hackers act like digital defense contractors for China, Alperovitch said.

Crowdstrike employees internally refer to the group as “Aurora Panda.”

More than half (52.8%) of its targets since November 2011 have been in the U.S., with another 15.5% in Taiwan and 9% in China. U.S. companies and officials have repeatedly documented Chinese hackers’ theft of intellectual property from American firms.

In 2010, Google fingered Chinese hackers in a 2009 breach of its corporate systems. The company accused the hackers of trying, unsuccessfully, to break into the Gmail accounts of Chinese human rights activists.

The same hackers behind the Google attack have also gone after RSA, the computer security company known for its grey SecurID tokens, Symantec said. By accessing RSA’s systems, China was able to access the network of defense contractor Lockheed Martin. RSA disclosed it had been breached in 2011 and Gen. Keith Alexander, director of the National Security Agency, fingered China in that hack last year.

Symantec, a public company with international clients, was careful not to lay blame on the Chinese government. The company would only note that “much of the attack infrastructure and tools used during these campaigns originate from network infrastructure in China.”

The Chinese embassy to the U.S. did not immediately respond to a request for comment Tuesday. When Mandiant released its China report this year, it told the New York Times, “Making unfounded accusations based on preliminary results is both irresponsible and unprofessional.”

The U.S. also has cyberspies that slip into Chinese networks. The U.S. government maintains it only seeks to keep tabs on the Chinese government — not steal data from Chinese companies, current and former U.S. officials have said.
