2Internet Explorer Becomes a Target
The vulnerability leveraged in this attack is a memory corruption issue that can be exploited to allow an attacker to remotely execute code. The attackers in Aurora focused their efforts on IE 6, though proof-of-concept code was developed by a security company that worked on later versions. The exploit code has been hosted on malicious sites, as seen here.
3Hydraq Trojan – Malware, Not Mythological Beast
The Hydraq is a backdoor Trojan that was the main piece of malware used in the Aurora attack. When it’s installed, Hydraq makes contact with command and control servers in order to receive instructions and upload any data it has stolen. Though the IE vulnerability was the primary vector for infecting users in Aurora, the Trojan has also been associated with exploits targeting Adobe Reader, Acrobat and Flash Player.
4Viewing Your Data
Social Networks Involved as Surveillance?McAfee CTO George Kurtz has said the attackers conducted surveillance on their targets and their targets’ friends via social networking sites. Such tactics are becoming a greater worry in security circles. For example, officials at security firm Netragard told eWEEK they used Facebook during a penetration test to trick employees at an energy company into “friending” them and giving up their employee credentials.
6Google Announces Attack
On Jan. 12, Google announced it had been attacked in December. The company also said it had detected repeated attempts to access the Gmail accounts of Chinese human rights activists. As a result, the company declared it would no longer censor search results in China and would consider closing its operations in the country.
7The Case Against China
Although China quickly became the subject of accusations, evidence of Chinese attackers being behind Aurora remained relatively scant, as systems in both the United States and China were used in the attack. One researcher uncovered evidence of a cyclic redundancy algorithm in Hydraq that originated in China.
8Uncle Sam Wants Answers
Secretary of State Hillary Clinton says the United States will seek a thorough and transparent investigation of the incident by the Chinese government. However, officials with the Chinese government deny involvement in the cyber-attacks and tell Google the company needs to follow the law if they expect to operate in China.