Investigators narrow in on corporate hackers
February 22, 2010 - 12:42pm

Investigators now believe that the recent attacks on Google and dozens of other companies came from a Chinese group specifically targeting corporate sites — not the US military or other government agencies.
So far, forensic investigations of some of the affected companies reveal infiltration techniques of a known Asian hacking group. The attack software was highly customized, suggesting the attackers may have written it themselves. Intelligence and law-enforcement officials have noticed familiar hallmarks of previous attacks. The group that many investigators are focusing on uses Chinese computer systems to mount its attacks. It tends to use the same type of attack code to pilfer data in every scheme it executes, and is thought to be smaller than other groups because it tends to infect fewer machines and attack more surgically, stealing specific data.

The zero-day attack vector was innovative, but the method used to steal data once the infiltration had occurred apparently bore traits of a group that has mounted attacks before, such as using specific kinds of software to create back doors into a company's network so that the attackers can return repeatedly to take information. That said, the group tends to take information periodically rather than constantly. A person briefed on the investigation said that another signature move involves sophisticated data-masking techniques, including routing the stolen-data traffic so that it appears to be normal network traffic, though this has become common among other groups as well.
News reports state that “it has been difficult to determine” what information the group was targeting at each of the companies attacked, but this may simply be a matter of damage control on the part of Google and others.