Operation Aurora

Operation Aurora was a cyber attack on several Fortune 100 companies in the second half of 2009, carried out by exploiting a zero-day flaw (a previously unknown vulnerability in a computer application, so that the attack occurs on “day zero” of awareness of the vulnerability) in Microsoft’s web browser, Internet Explorer. It was originally thought to have been delivered via a PDF exploit, but Microsoft confirmed that a “vulnerability in the browser could allow hackers to remotely execute programs on infected machines.”

The attackers used a combination of tools written in JavaScript, starting with a NOP-sled heap spray (a technique used in exploits to facilitate arbitrary code execution): each NOP sled was followed by the malicious code, and all of it was followed by code that forced IE to misuse memory.
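As an added illustration (not code from the original post or from any of the vendors named), here is a small Python scanner that flags the skeleton of the JavaScript heap spray described above from the defender’s side: a NOP-sled-like string built with unescape(), a string-doubling loop that grows it, and a size check against a large hex constant. The regexes, thresholds and both JavaScript samples are constructed for this example; the sled bytes are placeholders and no shellcode or browser trigger is included.

```python
import re
# Constructed sample of the pattern the post describes: a NOP-sled string built
# with unescape() and grown by a doubling loop. The bytes are arbitrary
# placeholders; there is no shellcode and no browser trigger here.
SUSPICIOUS_JS = r'''
var sled = unescape("%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c");
while (sled.length < 0x100000) sled += sled;
'''
# Constructed benign sample: an ordinary short URL-encoded value.
BENIGN_JS = r'''
var name = unescape("Caf%E9%20Aurora");
document.title = name + " - news";
'''
# unescape() whose argument is nothing but %uXXXX / %XX escapes
UNESCAPE_RE = re.compile(r'''unescape\(\s*["']((?:%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2})+)["']\s*\)''')
# x += x  or  x = x + x : string doubling that grows a sled to megabytes fast
DOUBLING_RE = re.compile(r'(\w+)\s*(?:\+=\s*\1|=\s*\1\s*\+\s*\1)\b')
# comparison against a large hex constant (a target allocation size)
LARGE_HEX_RE = re.compile(r'(?:<=|>=|<|>)\s*0x[0-9a-fA-F]{5,}')

def decode_unescape(literal):
    """Decode a JavaScript unescape() literal; %uXXXX is a little-endian UTF-16 unit."""
    out = bytearray()
    for m in re.finditer(r'%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})', literal):
        out += int(m.group(1), 16).to_bytes(2, 'little') if m.group(1) else bytes([int(m.group(2), 16)])
    return bytes(out)

def is_sled_like(data):
    """True if data is a single 1-, 2- or 4-byte unit repeated at least four times."""
    for unit in (1, 2, 4):
        if len(data) >= 4 * unit and len(data) % unit == 0 \
                and data == data[:unit] * (len(data) // unit):
            return True
    return False

def scan(js):
    """Run the three heuristics over JavaScript source; each key lists what matched."""
    return {
        "sled_strings": [m.group(1)[:24] + "..." for m in UNESCAPE_RE.finditer(js)
                         if is_sled_like(decode_unescape(m.group(1)))],
        "doubling_loops": [m.group(1) for m in DOUBLING_RE.finditer(js)],
        "large_size_checks": [m.group(0) for m in LARGE_HEX_RE.finditer(js)],
    }

def heap_spray_score(js):
    """Number of heuristics that fired (0-3); two or more merits a closer look."""
    return sum(1 for hits in scan(js).values() if hits)
```

Obfuscated scripts will evade these literal patterns, so in practice this kind of check runs on the deobfuscated script or on the strings a browser sandbox actually materialises.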

According to Google, the attack traced back to China. Google learned that the hackers had breached two Gmail accounts but were only able to access ‘from’ and ‘to’ information and the subject headers of emails in those accounts. The company’s investigation into the attack showed that at least 34 other companies had been similarly targeted, among them Adobe Systems, Symantec, Yahoo, Northrop Grumman and Dow Chemical. Experts claim the aim of the attacks was to gain information on weapon systems, political dissidents, and valuable source code that powers software applications. Additionally, dozens of Gmail accounts in China, Europe, and the United States had been regularly accessed by third parties, by way of phishing or malware on the users’ computers rather than a security breach at Google. Although Google did not explicitly accuse the Chinese government of the breach, it said it was no longer willing to censor results on google.cn, and that it would discuss

“the basis on which we could run an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.”

All I’m going to say is that if you use IE, you deserve to be attacked…physically!

[Symantec Malware analysis]

On another note, when this happened, people left flowers outside of Google’s offices, at which point a Chinese security guard removed them, saying they were an “illegal flower tribute”… yeah, that’s a thing.

Illegal Flower Tribute
