Operation Aurora

Not to be confused with Aurora Generator Test.
Operation Aurora
DateJune–December 2009
Location
Not specified – occurred on a worldwide scale.
Result Diplomatic incident between the United States and China
Belligerents
 United States  China
Casualties and losses
Google intellectual property stolen[1]

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army.[2] First disclosed publicly by Google (one of the victims) on January 12, 2010, by a weblog post,[1] the attacks began in mid-2009 and continued through December 2009.[3]

The attack was directed at dozens of other organizations, of which Adobe Systems,[4] Akamai Technologies,[5] Juniper Networks,[6] and Rackspace[7] have confirmed publicly that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley,[8] and Dow Chemical[9] were also among the targets.

As a result of the attack, Google stated in its weblog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all," and acknowledged that if this is not possible, it may quit China and close its Chinese offices.[1] Official Chinese sources claimed this was part of a strategy developed by the U.S. government.[10]

The attack was named "Operation Aurora" by Dmitri Alperovitch, Vice President of Threat Research at cybersecurity company McAfee. Research by McAfee Labs discovered that "Aurora" was part of the file path on the attacker's machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation", McAfee Chief Technology Officer George Kurtz said in a weblog post.[11]

According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high-technology, security, and defense contractor companies. "[The source code repositories] were wide open," says Alperovitch. "No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways—much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting."[12]

  1. ^ a b c "A new approach to China". Google Inc. 2010-01-12. Archived from the original on 2010-01-13. Retrieved 17 January 2010.
  2. ^ Clayton, Mark (14 September 2012). "Stealing US business secrets: Experts ID two huge cyber 'gangs' in China". Christian Science Monitor. Archived from the original on 15 November 2019. Retrieved 24 February 2013.
  3. ^ "'Aurora' Attacks Still Under Way, Investigators Closing In On Malware Creators". Dark Reading. DarkReading.com. 2010-02-10. Archived from the original on 2010-08-11. Retrieved 2010-02-13.
  4. ^ "Adobe Investigates Corporate Network Security Issue". 2010-01-12. Archived from the original on 2010-01-14.
  5. ^ "9 Years After: From Operation Aurora to Zero Trust". Dark Reading. DarkReading.com. 2019-02-20. Archived from the original on 2019-12-27. Retrieved 2020-05-09.
  6. ^ "Juniper Networks investigating cyber-attacks". MarketWatch. 2010-01-15. Archived from the original on 2021-02-25. Retrieved 17 January 2010.
  7. ^ "Rackspace Response to Cyber Attacks". Archived from the original on 18 January 2010. Retrieved 17 January 2010.
  8. ^ "HBGary email leak claims Morgan Stanley was hacked". Archived from the original on March 3, 2011. Retrieved 2 Mar 2010.{{cite web}}: CS1 maint: unfit URL (link)
  9. ^ Cha, Ariana Eunjung; Ellen Nakashima (2010-01-14). "Google China cyberattack part of vast espionage campaign, experts say". The Washington Post. Archived from the original on 2020-05-17. Retrieved 17 January 2010.
  10. ^ Hille, Kathrine (2010-01-20). "Chinese media hit at 'White House's Google'". Financial Times. Archived from the original on 2016-06-04. Retrieved 20 January 2010.
  11. ^ Kurtz, George (2010-01-14). "Operation "Aurora" Hit Google, Others". McAfee, Inc. Archived from the original on 11 September 2012. Retrieved 17 January 2010.
  12. ^ Zetter, Kim (2010-03-03). "'Google' Hackers Had Ability to Alter Source Code". Wired. Archived from the original on 2014-01-29. Retrieved 4 March 2010.