The shadowy hackers who made international headlines in 2009 when they hit Google, Adobe and many other U.S. technology companies are still active.
According to a new report from computer-security giant Symantec, the same crew has been the biggest purveyor and user of zero-day exploits over the past three years.
Although Symantec won't come right out and say so, the evidence it presents has convinced many that these zero-day attacks — which take advantage of previously unknown software flaws for which there is no readily available fix — are being carried out at the behest of the Chinese government.
Using what Symantec calls the "Elderwood Platform," these hackers employ a "watering hole" technique: they plant malware on websites that employees of the targeted organizations are likely to visit, and wait for those visitors to arrive.
"Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro or even Stuxnet attacks), we have seen no other group use so many," Symantec said on its blog. "The group seemingly has an unlimited supply of zero-day vulnerabilities."
The most recent attacks exploited security vulnerabilities in Adobe Flash and Internet Explorer. Symantec calls serious zero-day exploits, like the ones used by the Elderwood hackers, "rare" and labor-intensive to discover.
"A large undertaking would be required by the attackers to thoroughly reverse-engineer the compiled applications" unless the attacker had access to source code, the post said.
Three years ago, Google was targeted by what American researchers later dubbed "Project Aurora." In what they described as a "highly sophisticated" attack that involved a variety of malware, Google's network security was breached by hackers based in China who attempted to break into the email accounts of Chinese dissidents and who stole some of Google's intellectual property.
Dozens of cases of cyberespionage since, including the theft of cryptographic information from security-token maker RSA and a data breach at defense contractor Lockheed Martin, have been linked to Chinese state-sponsored hackers, who are often grouped under the euphemism "advanced persistent threats."
Symantec pointed out that such hackers often go after firms lower down in the supply chain as a stepping-stone, expecting them to have less robust security in place than the top-tier defense contractors or government agencies that are the ultimate targets.