Article Lead Image

These elite Chinese hackers aren’t government tools—they’re entrepreneurs

Despite what you've heard, not every top Chinese hacking group is a government tool. 


Curt Hopkins

Internet Culture

Posted on Sep 19, 2013   Updated on Jun 1, 2021, 6:04 am CDT

Modern China is a weird combination of Iron Age capitalism and modern state autarchy. This odd marriage penetrates everything, including the country’s famed hacker groups, who are notorious for their government connections and military support.

Then there’s “Hidden Lynx,” a hacking group that, according to a report by security firm Symantec, has managed to put profit at the forefront and hack for clients, not for the great leap forward.

Hidden Lynx, according to Symantec, “are the pioneers of the “watering hole” technique used to ambush targets, they have early access to zero-day vulnerabilities, and they have the tenacity and patience of an intelligent hunter to compromise the supply chain to get at the true target.

These supply chain attacks are carried out by infecting computers at a supplier of an intended target and then waiting for the infected computers to be installed and call home, clearly these are cool calculated actions rather than impulsive forays of amateurs.”

Among other stunts, during one 2012 campaign they hacked the authentication keys used by application whitelisting company Bit9, allowing them, as Ars Technica notes, to “infect more valuable targets inside military contracting firms who used the service.”

The group is estimated to have been around at least since 2009 and to have between 50 and 100 members.

Their cleverness alone doesn’t set them apart from script kiddie website defacement crews. It’s also the sheer quantity of their campaigns. They have hit hundreds of geographically dispersed targets, some concurrently.

“Given the breadth and number of targets and regions involved,” said Symantec, “we infer that this group is most likely a professional hacker-for-hire operation that are contracted by clients to provide information.”

Joe Stewart, a security consultant at Dell SecureWorks who analyzes malware infections, told Bloomberg, that, based on 24,000 infected domains he’s identified, about 10 teams of Chinese hackers have released 300 malware groups in the last year, double the counter from the year previous.

“There is a tremendous amount of manpower being thrown at this from their side,” he said.

Large-scale business concerns in China cannot flourish without Communist Party patronage. One wonders if any hacker group with this much power can so easily sidestep government interference—or patronage.

So, is Hidden Lynx the harbinger of the Dark Web version of the new China, or is it just the first group of its kind to come to Western notice?  

H/T RedOrbit | Photo by TheRealShawnShawn/Flickr

Share this article
*First Published: Sep 19, 2013, 4:51 pm CDT