Many experts have said that the attacks against RSA and, later, Lockheed were probably conducted by a state-sponsored or state-run group, and have added that the most likely backer was China because of the firms targeted and the fact that the data stolen had value only to a government.
Google has also blamed China for attacks against its own network and the email accounts of some of its Gmail users. The Chinese government has repeatedly denied all allegations of sponsoring or conducting attacks.
But on Tuesday, security company McAfee added fuel to the flames by publishing research on a massive cyber espionage campaign that hacked scores of U.S. and foreign government agencies, defense contractors and international organizations to plant malware that in some cases hid on networks for years. Although McAfee said just one hacking group was responsible and likely acted on behalf of a government, it declined to name names.
Stewart's sleuthing, however, made clear that someone in China has been stealing U.S. and Western secrets.
Also yesterday, SecureWorks released signatures that companies and organizations can use to detect similar traffic to see if they, too, were infiltrated. "These fingerprints have a limited shelf life," said Stewart, implying that the attackers would quickly correct their HTran error. "We hope that every institution potentially impacted by APT activity will make haste to search out signs of this activity for themselves before the window of opportunity closes."
Stewart's analysis is available on the SecureWorks website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.