Security

Group Behind 'Aurora' Attack on Google Still Active

New submitter trokez writes "Symantec has monitored the activities of a group using a specific trojan (Hydraq/Aurora) since 2009. The particular group has been connected (by Symantec) to the attack on Gmail in China, but also other high-profile attacks. 'These attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform." The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits.' The attacks seem to focus on industry espionage, with the defense industry and its suppliers at the focus."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Friday September 07, 2012 @05:50PM (#41267515)

    ...who hacked the gibson?

  • by Tackhead ( 54550 ) on Friday September 07, 2012 @06:40PM (#41268087)
    From TFA:

    One of the vectors of infection we're seeing a substantial increase in, called a "watering hole" attack, is a clear shift in the attacking group's method of operations. The concept of the attack is similar to a predator waiting at a watering hole in a desert. The predator knows that victims will eventually have to come to the watering hole, so rather than go hunting, he waits for his victims to come to him. Similarly, attackers find a Web site that caters to a particular audience, which includes the target the attackers are interested in. Having identified this website, the attackers hack into it using a variety of means.

    All well and good. The good folk at Symantec, a site that definitely caters to an audience of people who would be interested in this particular exploit, then go on to link to their research paper:

    We have published a research paper [bit.ly] that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks.

    That's right. The link to the research paper, presumably by order of some marketroid who wants to get some metrics about this high-profile story (or are they?), is a goddamn bit.ly link redirector that goes directly to a PDF, and can be expected to spawn precisely one of the sorts of vectors that the attackers have been exploiting for years.

    Peter Norton is still alive, but if he weren't, he'd be rolling in his grave. As it stands, he's merely rolling in a big pile of money.
