AOH :: ISNQ5928.HTM

'Aurora' Attacks Still Under Way, Investigators Closing In On Malware Creators




'Aurora' Attacks Still Under Way, Investigators Closing In On Malware Creators
'Aurora' Attacks Still Under Way, Investigators Closing In On Malware Creators



http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222700786 

By Kelly Jackson Higgins
DarkReading
Feb 10, 2010 

The targeted attacks that hit Google, Adobe, and other U.S. 
organizations are still ongoing and have affected many more companies 
than the original 20 to 30 or so reported by Google and others.

Security experts who have worked on forensics investigations and cleanup 
of the victim organizations from the attacks that originated out of 
China say they are also getting closer to identifying the author or 
authors of the malware used to breach Google and others.

"The attack called Operation Aurora is larger than just [the attacks 
acknowledged at the] 30 companies. That attack is still in operation and 
is much larger," says Greg Hoglund, founder and CEO of HBGary, which 
today published a report on Operation Aurora that recaps where things 
stand with the investigation.

He and other forensics firms say they have no direct evidence 
implicating the Chinese government in the Aurora attacks, but that 
doesn't mean other investigators or officials have it and just aren't 
sharing it publicly, Hoglund says. HBGary has found trails left behind 
in the Aurora code by its creators that are "very specific to the 
developer who compiled the malware," Hoglund says, and it has Chinese 
language ties.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods