Researchers say one of the attack groups using the two new Java zero-day vulnerabilities is the same group that was behind an earlier targeted attack campaign from 2011. That group was traced back to China and was essentially running a spear-phishing campaign, but now the crew, known as Nitro, is using the Java vulnerabilities in Web-based attacks that install the Poison Ivy remote-access tool. Nitro group apparently is reusing both their command-and-control servers and some of the file names for the malicious executables.
Source: https://threatpost.com/use-java-zero-day-flaws-tied-nitro-attack-crew-083012/76965/