That kind of attack is particularly dangerous. With Bit9's digital signature, Hikit would look legitimate to other security software and not be detected as malware. Further investigation showed HiKit was used in so-called watering hole attacks, where legitimate websites are tampered with to deliver malware to visitors' computers.
The Chinese group added more backdoors - Fexel and Gresim - to their arsenal in 2013, which were used in conjunction with Hikit. Gresim had remained unknown before the security companies began collaborating, Symantec wrote.
Sign up for CIO Asia eNewsletters.