The same hackers who allegedly hit Google and a range of other US firms last year appear to have been spotted attacking again, a security firm has warned.
It appears the gang behind what became known as the Aurora or Hydraq attacks has been active as far back as January, according to Symantec.
The most recent attack carrying similar characteristics to the ones that hit Google towards the end of 2009 involved exploiting a critical zero-day vulnerability in Adobe Reader, and dated back to the start of this month, said Symantec researcher Karthik Selvaraj.
One striking similarity between this recent effort and those that hit Google is in the social engineering method employed by the hackers, who used a specially-crafted email with a malicious PDF attachment, Selvaraj noted in a blog.
"In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation," he added.
"Furthermore, we have seen a large number of detections of unique versions of the PDF - not yet seen elsewhere in the wild - coming from a single computer in the Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks."
Various emails intercepted by Symantec included PDFs exploiting the same Adobe zero-day vulnerability and each dropped similar downloader components, but with different decoy PDFs.
All appeared to be from the same perpetrators in the Shandong Province an area which was implicated in the Google attacks.
Following the 2009 hacks, Google had threatened to leave China altogether, although the search giant also said it had issues with censorship in the country.
-
‘Polyworking’ is a cybersecurity nightmare waiting to happenNews Particularly popular with Gen Z, so-called polyworking brings huge cybersecurity risks
-
July rundown: Salt Typhoon and SharePoint scaresITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too lateNews Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
The FBI says hackers are using AI voice clones to impersonate US government officialsNews The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Employee phishing training is working – but don’t get complacentNews Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard groupNews The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spotNews The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
-
State-sponsored cyber groups are flocking to the 'ClickFix' social engineering techniqueNews State-sponsored hackers from North Korea, Iran, and Russia are exploiting the ‘ClickFix’ social engineering technique for the first time – and to great success.
