Do you remember Operation Aurora? A few years ago, a team of hackers operating under the name ‘Aurora’ targeted – and compromised – the security networks of some of America’s largest corporations. Those corporations included Google, defense contractors, and other giants.
Despite early reports that the hacking group had disappeared, it appears to still be going strong. Today, the hackers are using “zero-day exploits” to target major corporations. Zero day exploits are attacks that occur during ‘day zero’ of knowledge of a security flaw. In other words, programmers have had 0 days to patch their networks, giving hackers easy access.
The hardest part about zero-day exploits is identifying them in the first place. In order to find zero-day exploits, hackers usually need to have inside access to program updates before they take place. It appears that Operation Aurora is well-financed to find more than enough zero-day exploits to accomplish its goals.
Whenever a well-funded hacking group emerges onto the scene, questions start to be asked. Interestingly enough, there are some reports that Operation Aurora is government-sponsored. This is particularly frightening when you consider that Operation Aurora has increasingly shifted its focus to defense contractors – specifically, the intellectual property of defense contractors.
That’s right: this hacking group wants to steal the latest inventions and secrets from the companies that make some of the world’s most dangerous machines. Although it’s unknown what kind of government would sponsor this attack, the usual suspects have been suggested, including China, Israel and Iran.
Making this new Operation Aurora even more frightening is the fact that the hackers are equipped with more zero-day exploits than PC security researchers have ever seen. By nature, zero-day exploits are difficult to defend against, and even companies that are strict with their network’s security have been susceptible to zero-day attacks in the past.
In any case, look for Operation Aurora to hit the news a lot more over the coming months. If the hacking group actually manages to steal private data from defense contractors – or if it has done so already – then the effects could be disastrous.