Operation Aurora Overview
Cyber-attacks are common in the defense industry, but in January 2010, a sophisticated, advanced persistent threat hacked into the commercial sector forever changing the face of cyber security. Dubbed “Operation Aurora” by McAfee, the attack targeted specific high profile corporations to obtain valuable intellectual property. Google, Yahoo, Juniper Networks and Adobe Systems were also among the victims of this highly coordinated cyber heist. By manipulating computer codes the attackers were able to exploit the Microsoft Internet Explorer vulnerabilities to gain access and obtain valuable sensitive information from over thirty high profile companies. Operation Aurora proves that the world is entering into a high-risk era where cybercrimes are no longer solely targeting governments but all sectors of different corporations and companies that were once immune are now under threat (McAfee Labs and McAfee Foundstone Professional Services 1).
According to Microsoft, sources admitted that there was an apparent Internet Explorer flaw in as earlier as September 2009. The Microsoft Security Response Center was planning to issue a patch for this vulnerability in February 2010. Unfortunately, Operation Aurora was able to hack into the vulnerabilities of Microsoft Explorer and exploit its codes to gain access and possibly take complete control of affected systems during the December 2009 and January 2010 time period (Naraine). A similar attack was discovered in July 2009, in which approximately 100 IT companies were hacked into by emails with malicious PDF attachments. The results and effects of the attacks have not been released therefore the success of that attack was unclear (Zetter, Google Hackers Targeted Source Code of More Than 30 Companies | Threat Level | Wired.com).
McAfee explains that the hackers of Operation Aurora invisibly infiltrated different systems without any visible signs of malicious intent or actions in a couple of steps. The attack began with
According to Microsoft, sources admitted that there was an apparent Internet Explorer flaw in as earlier as September 2009. The Microsoft Security Response Center was planning to issue a patch for this vulnerability in February 2010. Unfortunately, Operation Aurora was able to hack into the vulnerabilities of Microsoft Explorer and exploit its codes to gain access and possibly take complete control of affected systems during the December 2009 and January 2010 time period (Naraine). A similar attack was discovered in July 2009, in which approximately 100 IT companies were hacked into by emails with malicious PDF attachments. The results and effects of the attacks have not been released therefore the success of that attack was unclear (Zetter, Google Hackers Targeted Source Code of More Than 30 Companies | Threat Level | Wired.com).
McAfee explains that the hackers of Operation Aurora invisibly infiltrated different systems without any visible signs of malicious intent or actions in a couple of steps. The attack began with
Cited: Evers, Joris and Ian Bain. McAfee Offers Guidance and Protection as China-Linked Google Cyberattack Continues to Unfold. 17 January 2010. 03 September 2010 . McAfee Labs and McAfee Foundstone Professional Services. "White Paper: Protecting Your Critical Assets – Lessons Learned from “Operation Aurora”." March 2010. McAfee - threat_center - McAfee Labs Technical White Papers. 03 September 2010 . Naraine, Ryan. Microsoft knew of IE zero-day flaw since last September | ZDNet.com. 21 January 2010. 03 September 2010 . Zetter, Kim. Google Hack Attack Was Ultra Sophisticated, New Details Show | Threat Level | Wired.com. 14 January 2010. 03 September 2010 . —. Google Hackers Targeted Source Code of More Than 30 Companies | Threat Level | Wired.com. 13 January 2010. 03 September 2010 .