In 2009, Google detected a highly sophisticated and targeted attack on its corporate infrastructure originating from China. The attack was found to have installed malware via email on computers in another 30 companies and government agencies. Using a zero-day vulnerability in a web browser, the attackers created a tunnel into an internal network via employees' compromised workstations, and gained access to e-mail accounts and inadequately secured source code repositories.
Dubbed Operation Aurora, it "was a coordinated attack which included a piece of computer code that exploits the Microsoft Internet Explorer vulnerability to gain access to computer systems. This exploit is then extended to download and activate malware within the systems."
- ↑ McAfee, Operation Aurora: How to Respond to the Recent Microsoft Internet Explorer Vulnerability (full-text).
External resource Edit
- McAfee, White Paper: Protecting Your Critical Assets — Lessons Learned from "Operation Aurora" (full-text).