Security Companies united against the Hidden Lynx APT and its weapons


Principal security firms united in a joint effort dubbed Operation SMN against the cyber espionage group known as Hidden Lynx and its arsenal.

The Hidden Lynx APT is a China-based group of hackers that has conducted numerous cyber espionage campaigns against U.S. defense contractors and other foreign organizations.

The name Hidden Lynx was assigned to the APT by experts at Symantec because they discovered a string with this name in the command and control server communications. According to the experts, the Hidden Lynx group is a “hackers for hire” team which appeared more aggressive than well-known groups such as APT1/Comment Crew.

As reported in the following infographic, the Hikit backdoor has been used in cyber espionage attacks against a large number of entities in the US, Japan, Taiwan, South Korea, and other countries. The Hidden Lynx APT targeted practically every industry, including government, technology, research, defense and aerospace.

Hidden Lynx malware Pie

“Since then, Hidden Lynx has continued to use Hikit in its attacks against organizations predominantly in Taiwan, the US, Japan, and South Korea,” Symantec said. “In 2013, Hidden Lynx underwent a significant re-tooling effort, introducing two new malware tools, Backdoor.Fexel and Backdoor.Gresim, which it continues to use in conjunction with Hikit. Backdoor.Gresim was undiscovered prior to this collaboration effort.”

HiddenLynx Infographic

A joint force of experts composed of researchers from principal security companies (Symantec, Cisco Systems, FireEye, F-Secure, iSight Partners, ThreatConnect, Tenable, Microsoft, ThreatTrack Security and Volexity) conducted an operation dubbed ‘Operation SMN’ to target the Hikit backdoor and other malware used by the group.

The joint force was coordinated by security firm Novetta as part of Microsoft’s new Coordinated Malware Eradication program.

“A coordinated operation involving Symantec and a number of other security companies has delivered a blow against Backdoor.Hikit and a number of other malware tools used by the Chinese-based cyberespionage group Hidden Lynx. Dubbed Operation SMN, this cross-industry collaboration has seen major security vendors share intelligence and resources, resulting in the creation of comprehensive, multi-vendor protection which may significantly blunt the effectiveness of this malware,” Symantec announced.

The operation allowed the experts to exchange threat intelligence data on the cyber threat, valuable information on the tactics, techniques, and procedures (TTPs) which characterized the operations of the Hidden Lynx team.

“We felt it was important to take action proactively in coordination with our coalition security industry partners,” said Novetta CEO Peter B. LaMontagne, in a statement. “The cumulative effect of such coordinated approaches could prove quite disruptive to the adversaries in question and mitigate some of the threat activity that plagues the joint customer base of this coalition.”

Hikit is an insidious remote access Trojan (RAT) that has been used in attacks since 2011. Security experts consider it an essential piece of malware in the arsenal of well-known Chinese APT groups, including Hidden Lynx and Pupa (Deep Panda).

“Hidden Lynx used Hikit during its compromise of Bit9’s trusted file-signing infrastructure in 2012,” Symantec noted. “This attack was then leveraged to mount the VOHO campaign in July 2012 using Bit9-signed malware. The ultimate target of this campaign was US companies whose computers were protected by Bit9. Hikit once again played a key role in this attack campaign.”

A comprehensive technical report about the operation is set to be released October 28th.

Stay tuned!


Pierluigi Paganini

(Security Affairs –  Hidden Lynx, APT)