Google: "Operation Aurora" attack

From the McAfee Security Insights Blog

(…) As I have written before, I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations. While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero-day exploits. What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack, with the main goal appearing to be to steal core intellectual property.

The list of organizations reported to have been hit by the cyberattack continues to grow. As a result, many companies and governments are asking us how they can determine if they were targeted in the same sophisticated cyberattack that hit Google. The high-profile cyberattack, linked to China by Google, targeted valuable intellectual property.

We’re also getting a lot of questions about the yet-to-be-patched vulnerability in Internet Explorer that was exploited in the cyberattack. That’s an important question as well, because Internet Explorer users currently face a real and present danger due to the public disclosure of the vulnerability and release of attack code, increasing the possibility of widespread attacks.


From the McAfee special page on Aurora

On January 14, 2010 McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for Operation Aurora to exploit Google and at least 20 other companies. Microsoft has since issued a security bulletin and patch.

Operation Aurora was a coordinated attack which included a piece of computer code that exploits the Microsoft Internet Explorer vulnerability to gain access to computer systems. This exploit is then extended to download and activate malware within the systems. The attack, which was initiated surreptitiously when targeted users accessed a malicious web page (likely because they believed it to be reputable), ultimately connected those computer systems to a remote server. That connection was used to steal company intellectual property and, according to Google, additionally gain access to user accounts.