A Chinese hacker group called "Hidden Lynx" has been behind six different attack campaigns since 2011, according to a new report released this morning by security firm Symantec. Lynx is speculated to have between 50 and 100 active members at any given time, with two distinct teams split between low-level exploratory operations and more sophisticated attacks on high-profile targets like banks or US defense contractors. In one 2010 incident called "Operation Aurora," Lynx targeted Google's Gmail servers, gaining access to the accounts of dozens of human rights activists throughout the world.
In 2010, Hidden Lynx targeted Google's Gmail servers
The group was also notable for its occasional use of zero-day exploits, unpublished software weaknesses that fetch a high price on the open market. Less than five percent of malware attacks use zero-days, but for well secured targets, they're often the only way in. Symantec links the Hidden Lynx crew to three separate zero-day attacks in the last two years, suggesting the group is both well-funded and has excellent connections with the underground exploit trade.
Unlike earlier hacks targeting the New York Times, this group has no conclusive ties to the Chinese government or military. Symantec's report speculates Hidden Lynx is likely working for hire, although so far more than half of the attacks have been directed against the US.