Chinese Google hackers back?
The same China-based hackers who were thought to have hit Google last year appear to be still active, Symantec has suggested.
The same hackers who allegedly hit Google and a range of other US firms last year appear to have been spotted attacking again, a security firm has warned.
It appears the gang behind what became known as the Aurora or Hydraq attacks has been active as far back as January, according to Symantec.
The most recent attack carrying similar characteristics to the ones that hit Google towards the end of 2009 involved exploiting a critical zero-day vulnerability in Adobe Reader, and dated back to the start of this month, said Symantec researcher Karthik Selvaraj.
One striking similarity between this recent effort and those that hit Google is in the social engineering method employed by the hackers, who used a specially-crafted email with a malicious PDF attachment, Selvaraj noted in a blog.
"In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation," he added.
"Furthermore, we have seen a large number of detections of unique versions of the PDF - not yet seen elsewhere in the wild - coming from a single computer in the Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks."
Various emails intercepted by Symantec included PDFs exploiting the same Adobe zero-day vulnerability and each dropped similar downloader components, but with different decoy PDFs.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
All appeared to be from the same perpetrators in the Shandong Province an area which was implicated in the Google attacks.
Following the 2009 hacks, Google had threatened to leave China altogether, although the search giant also said it had issues with censorship in the country.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
‘They risk damaging confidence’: A Canadian health board outraged staff with phishing tests offering paid leave – experts say it shows why you need to be careful with cyber awareness campaignsNews Phishing tests require a delicate touch, emulating realism while not “exploiting goodwill”
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Two US nationals sentenced for role in prolific fake worker laptop farmsNews The Americans were raising money for the North Korean regime by allowing fake IT workers to appear as legitimate US-based employees
-
Beware of emails threatening a code of conduct reviewNews A widespread phishing campaign has targeted tens of thousands of employees
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online

