UPDATED 09:10 EDT / SEPTEMBER 18 2013

Symantec Uncovers “Hidden Lynx”, Professional Hackers for Hire

Symantec claims to have uncovered a group of professional hackers for hire that has been responsible for some of the most infamous cyber attacks directed at government agencies over the past few years.

Dubbed “Hidden Lynx”, a name taken from a string found in its command-and-control server communications, the group's key characteristics, according to Symantec, include its technical prowess, agility, organization, sheer resourcefulness, and patience.

“They are the pioneers of the “watering hole” technique used to ambush targets, they have early access to zero-day vulnerabilities, and they have the tenacity and patience of an intelligent hunter to compromise the supply chain to get at the true target,” Symantec described Hidden Lynx in its post.

In an infographic, Symantec further stated that the group of professional hackers has been active since at least 2009, and that the group hails from China. It’s said to have somewhere between 500 and 1000 operatives, divided into two teams – Team Naid and Team Moudoor.

Team Moudoor uses the backdoor Trojan Moudoor liberally without worrying about getting caught or discovered by security firms, while Team Naid is more like the “special operations” team that takes care of the toughest and most valuable targets, ideally without being caught. Team Naid uses the Naid Trojan sparingly so as to avoid detection by security firms, and is only called into action on extremely rare occasions, when failure is not an option. In a sense, Team Moudoor can act as a distraction since it operates quite openly, keeping security firms busy while Team Naid slips behind enemy lines unnoticed.

Most of the attacks are directed towards the US, with sectors such as information and communications technology, energy, aerospace and defense, financial services, marketing, and government agencies being the most common targets.

Source: Symantec

Because of the suspected number of operatives in the group, and the systematic way it conducts attacks, Symantec believes that Hidden Lynx is a group of “for-hire” professional hackers commissioned by other organizations to gather pertinent information.

“Given the breadth and number of targets and regions involved, we infer that this group is most likely a professional hacker-for-hire operation that are contracted by clients to provide information. They steal on demand, whatever their clients are interested in, hence the wide variety and range of targets,” Symantec added.
