Here is a VirusTotal report for an early version of the CVE-2010-0249 ("Aurora") exploit, showing that the malicious binary was authored by the "Cuteqq Software Team"
"Cuteqq" does seem to have its usage in several Chinese exploits / variable names. (QQ is a popular Chinese web service for email, chat, news, etc.)
VirusTotal analysis of the actual payloads shows that most A/V vendors (including our inline A/V solution) detect the malicious payloads dropped by the infected webservers:
Neither of these payloads attributed themselves to the "Cuteqq" team directly within the binary signature / authorship information.
WHOIS information for the two domains related to this incident show CN attribution: