Mercenary hacker group 'Hidden Lynx' emerges as world's most potent cyber threat

Overshadowing even the most infamous state-sponsored cyber armies, a group of hacker-mercenaries has emerged as the world’s new and most potent threat to information security, according to a report published by American information security corporation Symantec.

Symantec argues that the China-based group of hackers-for-hire, known as Hidden Lynx, eclipses even the cyber espionage arm of China’s People’s Liberation Army in both sophistication and ability. 

“The Hidden Lynx group is an advanced, persistent threat that has been in operation for at least four years and is breaking into some of the best-protected organizations in the world,” Satnam Narang, a researcher at Symantec, told GlobalPost.

The estimated 50 to 100 operatives within Hidden Lynx have carried out some of the most complex cyberattacks in history. Symantec is not aware of any links between Hidden Lynx and the Chinese government; the group offers its services to any organization or individual willing to pay.

Hidden Lynx was affiliated with Operation Aurora, a cyberattack launched in 2009 against Google and other companies. In 2012, they attacked Bit9, a security firm that offers advanced threat protection to corporations and governments. In the attack, Bit9’s digital code-signing certificate was compromised, meaning detailed information about corporations’ and governments’ network security protocols could be easily obtained.

Not only have the hackers launched successful attacks against corporations and governments, they’re simultaneously stealing things like online gamers’ credentials, which they can then sell for a profit in underground black markets.

“Hidden Lynx offers a 'hacker for hire' service and is unique because it is one of the most organized, sophisticated groups using cutting edge hacking techniques to access information from organizations in some of the most technically advanced countries,” Narang said.

Industries targeted by Hidden Lynx include financial services, marketing and energy sectors as well as government and defense. According to Symantec, over half of their targets were located within the US, with Taiwan and China the second and third most targeted countries.

Crafting its own malware and strategies, Hidden Lynx has demonstrated its ability to gain advanced knowledge with “zero-day exploits,” attacks that take advantage of previously unknown vulnerabilities in computer applications. That's a significant capability, given how technically difficult it is to find vulnerabilities in software, and also to exploit them.

“The group’s tools, tactics and procedures are innovative and cutting-edge, illustrating the fact the group is an established team with years of experience and skill,” said Narang. Hidden Lynx is known to have been in operation since 2009.

Like Comment Crew, aka APT1 — understood to be one of the biggest and baddest hacker groups in the world — Hidden Lynx’s primary goal is often the theft of information from organizations in some of the wealthiest and most technologically advanced countries across the globe, to gain competitive advantages. However, without apparent ties to a government or other national allegiances, that advantage is sold to the highest bidder. Instead of international spying, Hidden Lynx may have cracked an even more lucrative market: corporate espionage.