In Google Attack Aftermath, Operation Aurora Keeps on Hacking







The Operation Aurora hackers, who compromised Google's infrastructure a few years ago, are still at it, targeting defense contractors and other companies in their supply chains. The group is persistent, sophisticated and most likely government-sponsored, said Grayson Milbourne, director of threat research at Webroot.


The gang behind Operation Aurora, a coordinated attack that hit Google and tens of other large United States corporations, is alive, well and hacking away, Symantec said.

Over the last three years, the gang has used lots of zero-day attacks against not just defense corporations, but also the manufacturers in their targets' supply chains.

"The group actually utilized at least eight zero-days over a three-year period, which is unheard of," Vikram Thakur, manager, Symantec Security Response, told TechNewsWorld.


Overview of the Attacks


The attackers are systematic, meaning "these attacks are not going away and the group is systematically targeting victims," Thakur explained. Once a zero-day exploit was in danger of being exposed during an attack, the hackers would replace it with another zero-day exploit, thus extending the life of the attack.

The hackers reuse components of an infrastructure Symantec has dubbed the "Elderwood Platform," after the exploit communication used in some of the attacks.

This platform lets the hackers quickly deploy zero-day exploits.

The primary targets are companies in the defense industry supply chain. Symantec said these companies may have weaker security than top-tier defense contractors.

"The Elderwood attacks appear to be very well organized and targeted towards intellectual property," Thakur said.

Flaws Exploited


The hackers used four zero-day exploits in the past few months, Symantec said.

Two of the four leveraged flaws were in the Adobe Flash platform.

They are the Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779) and the Flash Player Remote Code Execution Vulnerability (CVE-2012-1535).

The other two leveraged Internet Explorer. They are the Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875) and the Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889).

"Both of the [Flash Player] vulnerabilities referenced in the Symantec blog post are already fixed," Adobe spokesperson Wiebke Lips told TechNewsWorld.

Consumers and businesses should "keep their software and security protections up-to-date," Lips suggested.

What's In a Name?


The hackers involved have always used spearphishing emails, Symantec said, but they are now increasingly using a technique dubbed "watering hole" attacks.

This involves the hackers compromising websites they believe their targets are likely to visit, much as predators lie in wait around watering holes.

That's nothing new, said Randy Abrams, a research director at NSS Labs. "The term 'watering hole' probably came about when a marketing professional watched the animated film 'Madagascar' and figured that a targeted drive-by needed a new name to make it more marketable," he told TechNewsWorld.

Plenty More Where That Came From?


The hackers apparently have access to lots of zero-day exploits, Symantec believes.

"We know how difficult zero-day vulnerabilities are to come by, and the resources required to obtain them," Symantec's Thakur said. "This group definitely has the largest cache of zero-days we've ever seen utilized."

The hackers "seem to be very well resourced, which would explain the research they're able to perform in order to locate those zero-day vulnerabilities," Thakur remarked.

"Code has become so complex that multitudes of vulnerabilities are bound to exist," NSS Labs' Abrams said. "If a target is cost-effective, then massive resources can be put into exploit discovery and development. Finding holes is always easier than writing vulnerability-free code."

That kind of effort to locate zero-day vulnerabilities is needed because "in most cases, these exploits are fixed very soon after being discovered," Grayson Milbourne, director of threat research at Webroot, told TechNewsWorld.

Anonymous May Be Innocent


It's unlikely that the hacker group Anonymous, which has previously vowed to target defense contractors, was behind the Elderwood attack, Webroot's Milbourne said.

"I would say these are more organized, possibly government sponsored, attacks," Milbourne said. "It's hard to say for sure, but typically Anonymous likes to take credit for their hacks."
