Chinese Google hackers back?
The same China-based hackers who were thought to have hit Google last year appear to be still active, Symantec has suggested.


The same hackers who allegedly hit Google and a range of other US firms last year appear to have been spotted attacking again, a security firm has warned.
It appears the gang behind what became known as the Aurora or Hydraq attacks has been active as far back as January, according to Symantec.
The most recent attack carrying similar characteristics to the ones that hit Google towards the end of 2009 involved exploiting a critical zero-day vulnerability in Adobe Reader, and dated back to the start of this month, said Symantec researcher Karthik Selvaraj.
One striking similarity between this recent effort and those that hit Google is in the social engineering method employed by the hackers, who used a specially-crafted email with a malicious PDF attachment, Selvaraj noted in a blog.
"In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation," he added.
"Furthermore, we have seen a large number of detections of unique versions of the PDF - not yet seen elsewhere in the wild - coming from a single computer in the Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks."
Various emails intercepted by Symantec included PDFs exploiting the same Adobe zero-day vulnerability and each dropped similar downloader components, but with different decoy PDFs.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
All appeared to be from the same perpetrators in the Shandong Province an area which was implicated in the Google attacks.
Following the 2009 hacks, Google had threatened to leave China altogether, although the search giant also said it had issues with censorship in the country.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
GitHub just launched a new 'mission control center' for developers to delegate tasks to AI coding agents
News The new pop-up tool from GitHub means developers need not "break their flow" to hand tasks to AI agents
-
The Allianz Life data breach just took a huge turn for the worse
News Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
The Allianz Life data breach just took a huge turn for the worse
News Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networks
News Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too late
News Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?
News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
The FBI says hackers are using AI voice clones to impersonate US government officials
News The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Employee phishing training is working – but don’t get complacent
News Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard group
News The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spot
News The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.