
Hackers for hire: 100 strong team attacks governments and banks on demand

A secret group of up to 100 'hackers for hire' who breach high-security targets in return for cash is operating from China, an investigation by Symantec has found.

The group, which the cyber security firm has named Hidden Lynx, has been active since 2009, with Symantec tracking it since 2011.

At least six significant campaigns by the hackers have been identified, including a large-scale attack against international government agencies last year.

The group doesn't just target a select number of victims, however. Instead, it attacks hundreds of different organisations in many different regions, often concurrently.

"They are the pioneers of the 'watering hole' technique used to ambush targets, they have early access to zero-day vulnerabilities, and they have the tenacity and patience of an intelligent hunter to compromise the supply chain to get at the true target," explained Symantec.

"Given the breadth and number of targets and regions involved, we infer that this group is most likely a professional hacker-for-hire operation that are contracted by clients to provide information. They steal on demand, whatever their clients are interested in, hence the wide variety and range of targets."

Over half of all attacks have been on US organisations. Taiwan is the second most targeted country, with a 15.5 per cent share.

The hackers' main industry targets are financial services, government, IT, aerospace and defence, energy and marketing.

It is believed the group is very well organised and split into two teams. The first is focussed on attacking a large number of targets and collecting intelligence through a backdoor Trojan, Moudoor.

The second is an "elite special operations unit" which targets the most valuable or toughest marks through a more sophisticated Trojan.

"The Naid Trojan is used sparingly and with care to avoid detection and capture, like a secret weapon that is only used when failure is not an option," said the Symantec researchers.

For those looking for more information about the group and the attacks carried out by it, Symantec has published a whitepaper.