Operation Aurora Overview Essay

1084 Words Apr 17th, 2011 5 Pages
Cyber-attacks are common in the defense industry, but in January 2010, a sophisticated, advanced persistent threat hacked into the commercial sector forever changing the face of cyber security. Dubbed “Operation Aurora” by McAfee, the attack targeted specific high profile corporations to obtain valuable intellectual property. Google, Yahoo, Juniper Networks and Adobe Systems were also among the victims of this highly coordinated cyber heist. By manipulating computer codes the attackers were able to exploit the Microsoft Internet Explorer vulnerabilities to gain access and obtain valuable sensitive information from over thirty high profile companies. Operation Aurora proves that the world is entering into a high-risk era where …show more content…
Due to the nature of an executable file, the browser will download the malicious JavaScript. The script will include a zero-day Internet Explorer exploit that will download a binary pretending to be Taiwan servers that will execute the payload. This Trojan will open a backdoor that is encrypted and disguised as an authentic SSL connection to avoid detection. Once the backdoor is open, the attackers will have complete access to the steal sensitive information and intellectual property from its victims. The compromised internal systems could then be used to infiltrate the network further (McAfee Labs and McAfee Foundstone Professional Services 3). If Operation Aurora continued to attack more systems, it could potentially comprise the world’s capitalism and commerce on a global scale. Many companies take highly protective measures to ensure their intellectual properties such as trademarks, source codes or trade secrets stay safe. When these repositories are compromised, the worldwide economy can be greatly affected.
At the discovery of the attack Microsoft quickly published a security advisory since the exploit pretty much affects all versions of Internet Explorer. They urged all Windows users to perform the IE update which patches vulnerabilities against malicious execution files. McAfee wasted no time in

Related Documents