Symantec, Microsoft and Cisco break ground in APT counterattack.
A coalition of security firms has come together to combat an advanced persistent threat (APT) used by several Chinese hacking groups.
Operation SMN targeted the backdoor malware Hikit, a trojan used by hackers to remotely access computers to upload malware and send instructions.
Symantec, one firm in the coalition, said: "This is the first time that a significant effort to disrupt the activities of an APT has been made.
"Through effective collaboration, we can help ensure that any organization likely to be targeted by these groups will be better protected in the future."
Hikit is said to have been used against rivals of China such as the US, Japan and Taiwan, including companies in the government, technology and defence sectors.
At least two hacking gangs are known to have used Hikit, one called Hidden Lynx, or Aurora, and the other called Pupa, or Deep Panda. It is not known if these groups are linked.
"Hidden Lynx is regarded as one of the pioneers of the ‘watering-hole’ attack method and it appears to have early access to zero-day vulnerabilities," Symantec added.
A watering-hole attack poisons smaller companies that are linked in some way to the true targets, while zero-day bugs are unpatched flaws not yet known to software developers.
Hidden Lynx is thought to employ between 50 and 100 people, and is suspected of offering hacking-as-a-service, choosing a diverse array of targets as demanded by its funders.
Members of the coalition include network firm Cisco, security company FireEye, and the software firm Microsoft, among others.