Nearly three years ago, Google was hacked by a group that was almost certainly sponsored by the Chinese Government. But as Wired tells it, the assignment for that group wasn’t a one-off thing. In fact, they’ve executed no fewer than eight zero-day attacks on websites over the past three years, and have compromised at least 1000 computers in various sectors.
The news originally came from a research report compiled by Symantec, which says the group went after US companies in various sectors, including defence, energy, technology and finance, not to mention Chinese dissidents. All of these attacks revolved around zero-day exploits, in which the hackers — dubbed the Elderwood Group — discover a vulnerability and launch an attack before the developer is even aware of the issue. In 2011, there were eight in total. In the past few months, Symantec says the group has pulled off four.
Wired believes it takes a sophisticated team to pull off something so complex.
In these so-called “watering hole” attacks — named for their similarity to a lion waiting for unsuspecting prey to arrive at a watering hole — an invisible iframe on the web site causes victim computers to contact a server and silently download a backdoor Trojan that gives the attackers control over the victim’s machine.
Symantec believes the gang involves several teams of varying skills and duties. One team of highly skilled programmers is likely tasked with finding zero-day vulnerabilities, writing exploits, crafting re-usable platform tools, and infecting web sites; while a less skilled team is involved with identifying targets based on various goals — stealing design documents for a military product or tracking the activities of human rights activists — and sending out the spear-phishing attacks. A third team is likely tasked with reviewing and analysing the intelligence and intellectual property stolen from victims.
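The mechanism in the passage above (a hidden iframe that pulls the victim's browser to a second server) is something a site owner can check for. The following is an added example, not code from the article, Wired or Symantec: a small Python scanner that parses a page and flags iframes that are zero-sized, styled invisible, placed off-screen, or hidden by an ancestor element, and notes when they point at a host other than the site's own. The sample HTML and the hostnames in it are constructed for the example.

```python
# Added example: static check for iframes hidden from the user, one of the
# indicators a defender looks for when auditing whether a site has been
# turned into a "watering hole". Not part of the original article.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Style fragments that make an element invisible or push it off-screen.
DISPLAY_NONE = re.compile(r"display\s*:\s*none", re.IGNORECASE)
VIS_HIDDEN = re.compile(r"visibility\s*:\s*hidden", re.IGNORECASE)
NEG_OFFSET = re.compile(r"\b(left|top|right|bottom)\s*:\s*-\d", re.IGNORECASE)

# Void elements never get a closing tag, so they must not enter the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "param", "source", "track", "wbr"}


def _is_zero(value):
    """True for width/height values such as '0' or '0px'."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) == 0


def _style_hides(style):
    return bool(DISPLAY_NONE.search(style) or VIS_HIDDEN.search(style)
                or NEG_OFFSET.search(style))


class HiddenIframeFinder(HTMLParser):
    """Walks the document, tracking whether each open element is hidden."""

    def __init__(self, page_host=None):
        super().__init__()
        self.page_host = page_host.lower() if page_host else None
        self.findings = []
        self._stack = []  # (tag, hidden) for each currently open element

    def _same_site(self, src):
        host = urlparse(src).hostname
        if host is None or self.page_host is None:
            return True  # relative URL, or no site host supplied: don't flag
        host = host.lower()
        return host == self.page_host or host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        a = {k.lower(): (v or "") for k, v in attrs}
        hidden_here = _style_hides(a.get("style", ""))
        inherited = self._stack[-1][1] if self._stack else False
        if tag == "iframe":
            reasons = []
            if _is_zero(a.get("width")) or _is_zero(a.get("height")):
                reasons.append("zero-size")
            if hidden_here:
                reasons.append("hidden-style")
            if inherited:
                reasons.append("hidden-ancestor")
            if not self._same_site(a.get("src", "")):
                reasons.append("external-host")
            if reasons:
                self.findings.append({"src": a.get("src", ""), "reasons": reasons})
        if tag not in VOID:
            self._stack.append((tag, hidden_here or inherited))

    def handle_endtag(self, tag):
        tag = tag.lower()
        if tag in VOID:
            return
        # Pop back to the matching open tag; tolerates sloppy markup.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                return


def find_hidden_iframes(html, page_host=None):
    """Return a list of {'src', 'reasons'} for every suspicious iframe."""
    parser = HiddenIframeFinder(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: one legitimate embed and three hidden iframes.
SAMPLE_HTML = """
<html><body>
<h1>Company news</h1>
<iframe src="https://video.example-site.test/player" width="640" height="360"></iframe>
<iframe src="http://unrelated-host.test/x.html" width="0" height="0"></iframe>
<iframe src="http://unrelated-host.test/y.html" style="display:none"></iframe>
<div style="position:absolute; left:-9999px">
  <iframe src="http://unrelated-host.test/z.html"></iframe>
</div>
</body></html>
"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_HTML, page_host="example-site.test"):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

A static check like this only catches markup that is hidden at serve time; iframes injected by script after load need the page rendered in a browser before the same test is applied. Run it against a saved copy of each page after a content change, and treat any hit pointing at a host you do not control as worth investigating.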
But how did Symantec trace these attacks back to the Elderwood Group? Well, as it turns out, many of the same code snippets and executable files used in the Google attack were used in nearly all of the later attacks. Given how active this group is, their seemingly direct ties to China and America's grandstanding about cyberthreats, the thought of a cyberwar with China might not be too far-fetched. [Symantec via Wired]
Image: alexskopje / Shutterstock