China Believed Behind New Hacking Mercenaries

Recent cyberattacks suspected to have come from China have caught the security industry by surprise. One hacker group found a unique vulnerability in Internet Explorer that put security experts on high alert. Two other groups of hackers are believed to be mercenaries conducting what appear to be state-sponsored attacks.

Facing evolving state-sponsored attacks, nearly 58 percent of security professionals at the Black Hat USA 2013 hacker conference in Las Vegas believe the United States is losing the cyber battle.

The opinion comes from close to 200 security professionals at Black Hat surveyed by Lieberman Software. The conference attracts people ranging from malicious hackers, to hactivists, to security professionals at major companies and in government.

Recent attacks give weight to their concern. A cyberattack announced Sept. 21 by FireEye, dubbed “DeputyDog,” showed hackers had found a zero-day vulnerability in Internet Explorer 8 and 9. Security firm FireEye believes the group behind the attack is the same that hacked security company Bit9 in February, and was believed to be the work of Chinese hackers.

A zero-day vulnerability is one whose exploitation can’t be guarded against. Companies often patch zero-days when they are found, yet as of Sept. 30, Microsoft still had not released a patch for the DeputyDog attack.

FireEye found DeputyDog was targeting computer networks in Japan, yet findings from security firms Websense and AlienVault say it could also be targeting organizations in Taiwan.

Soon after, a group of hacker mercenaries was uncovered in a cyberespionage campaign against targets in South Korea and Japan that was targeting supply chains for Western companies. Security company Kaspersky announced the attack it dubbed “Icefog” on Sept. 26.

While experts at Kaspersky did not pin the attack on a specific country, it told The Register that the hackers behind the campaign were the same who launched an attack on the Japanese Diet in 2011, which was believed to be the work of Chinese hackers. Some messages and code comments used in the attack were also in Chinese.

The group behind Icefog is the second group of hacker mercenaries uncovered recently. On Sept. 17 security company Symantec released findings on a group of hacker mercenaries it called “Hidden Lynx,” which it described as an elite group of Chinese hackers with a “hunger and drive” that surpasses even Chinese military hackers.

Security professionals are aware of the evolving threats, according to the Black Hat survey. While 62 percent of respondents said they believe their organization will be targeted by a state-sponsored attack in the next six months, they acknowledge this may only be the beginning. Close to 96 percent believe that hacking will get worse.