Last June, one of the world's most advanced hacker
groups hit a problem. The US defence contractor whose systems it wanted
to access only allowed a small set of trusted IP addresses to connect to
its network. In an unusual move – hackers typically go for the
low-hanging fruit – the group hacked the company that provided the IP
whitelisting service, enabling it to forge access certificates.
This group, which calls itself Hidden Lynx, was given a tentative profile last week when antivirus software-maker Symantec
released a report on it. Believed to be based in China, the
group is known only through traces of malicious software bearing its
mark, found in the compromised computers of some of the world's largest
companies.
Until now, little has been known about the group responsible for the Bit9 attack. Now, a detailed report released by security firm Symantec reveals it was a highly organized gang of hackers that has breached some 100 companies and government organizations around the world since 2009. They're dubbed the Hidden Lynx gang, based on a text string found on one of the command and control (C&C) servers they use to communicate with infected machines inside the organizations they compromise.
"From the evidence seen, it's clear that Hidden Lynx belongs to a professional organization," the report stated.
Currently, Hidden Lynx primarily uses two backdoor trojans: Moudoor – a customized version of the Gh0st RAT malware that the group has used against a wide range of industries, including the financial, government, health care and education sectors; and Naid, specially crafted malware used to infiltrate entities in the defense sector.
The group is skilled and highly resourced, given that it has been quick to "throw away" zero-days once details of the threats become public knowledge, unlike some hacker groups that continue to exploit vulnerabilities for which patches are available.
Haley warned that watering hole attacks appear to be the attack vector of choice for Hidden Lynx, meaning the group compromises legitimate websites that its targets visit frequently and uses them to infect visitors.