Chinese Google hackers back?

The same hackers who allegedly hit Google and a range of other US firms last year appear to have been spotted attacking again, a security firm has warned.

It appears the gang behind what became known as the Aurora or Hydraq attacks has been active as far back as January, according to Symantec.

The most recent attack carrying similar characteristics to the ones that hit Google towards the end of 2009 involved exploiting a critical zero-day vulnerability in Adobe Reader, and dated back to the start of this month, said Symantec researcher Karthik Selvaraj.

One striking similarity between this recent effort and those that hit Google is in the social engineering method employed by the hackers, who used a specially-crafted email with a malicious PDF attachment, Selvaraj noted in a blog.

"In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation," he added.

"Furthermore, we have seen a large number of detections of unique versions of the PDF - not yet seen elsewhere in the wild - coming from a single computer in the Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks."

Various emails intercepted by Symantec included PDFs exploiting the same Adobe zero-day vulnerability and each dropped similar downloader components, but with different decoy PDFs.

All appeared to be from the same perpetrators in the Shandong Province an area which was implicated in the Google attacks.

Following the 2009 hacks, Google had threatened to leave China altogether, although the search giant also said it had issues with censorship in the country.