The same hackers who allegedly hit Google and a range of other US firms last year appear to have been spotted attacking again, a security firm has warned.
It appears the gang behind what became known as the Aurora or Hydraq attacks has been active as far back as January, according to Symantec.
The most recent attack carrying similar characteristics to the ones that hit Google towards the end of 2009 involved exploiting a critical zero-day vulnerability in Adobe Reader, and dated back to the start of this month, said Symantec researcher Karthik Selvaraj.
One striking similarity between this recent effort and those that hit Google is in the social engineering method employed by the hackers, who used a specially-crafted email with a malicious PDF attachment, Selvaraj noted in a blog.
"In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation," he added.
"Furthermore, we have seen a large number of detections of unique versions of the PDF - not yet seen elsewhere in the wild - coming from a single computer in the Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks."
Various emails intercepted by Symantec included PDFs exploiting the same Adobe zero-day vulnerability and each dropped similar downloader components, but with different decoy PDFs.
All appeared to be from the same perpetrators in the Shandong Province an area which was implicated in the Google attacks.
Following the 2009 hacks, Google had threatened to leave China altogether, although the search giant also said it had issues with censorship in the country.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
The FBI says hackers are using AI voice clones to impersonate US government officialsNews The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Employee phishing training is working – but don’t get complacentNews Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard groupNews The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spotNews The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
-
State-sponsored cyber groups are flocking to the 'ClickFix' social engineering techniqueNews State-sponsored hackers from North Korea, Iran, and Russia are exploiting the ‘ClickFix’ social engineering technique for the first time – and to great success.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
