| Operation Aurora | |
|---|---|
| Belligerents | United States; China |
| Casualties and losses | Google intellectual property stolen[1] |

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group, based in Beijing, China, with associations with the People's Liberation Army.[2] First disclosed publicly by Google (one of the victims) on January 12, 2010, in a weblog post,[1] the attacks began in mid-2009 and continued through December 2009.[3]
The attack was directed at dozens of other organizations, of which Adobe Systems,[4] Akamai Technologies,[5] Juniper Networks,[6] and Rackspace[7] have confirmed publicly that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley,[8] and Dow Chemical[9] were also among the targets.
As a result of the attack, Google stated in its weblog that it planned to operate a completely uncensored version of its search engine in China "within the law, if at all," and acknowledged that if this was not possible, it might quit China and close its Chinese offices.[1] Official Chinese sources claimed this was part of a strategy developed by the U.S. government.[10]
The attack was named "Operation Aurora" by Dmitri Alperovitch, Vice President of Threat Research at cybersecurity company McAfee. Research by McAfee Labs discovered that "Aurora" was part of the file path on the attacker's machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation", McAfee Chief Technology Officer George Kurtz said in a weblog post.[11]
According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high-technology, security, and defense contractor companies. "[The source code repositories] were wide open," says Alperovitch. "No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways—much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting."[12]