Google Aurora Attackers Behind Internet Explorer Zero-Day Attacks

Printer-friendly version Email this CRN article

Ongoing attacks targeting an Internet Explorer zero-day vulnerability have been linked to a cybercrime gang responsible for the Google Aurora attacks in 2009.

Researchers at Symantec said it found similarities in the techniques and files used in the latest round of attacks to those used by the Elderwood group, responsible for highly targeted campaigns over the last several years.

The group, believed to be based in China, has targeted U.S. defense contractors and their partners in the supply chain, including manufacturers of mechanical components. It uses spear phishing to lure specific employees to a malicious site to infect their system. Once the system is infected, the Elderwood attackers remotely gain control, using it as a stepping stone to more sensitive corporate data.


[Related: Attackers Target Internet Explorer Zero-Day Flaw]

"They are responsible for compromising numerous websites, corporations and individuals over the past three years," Symantec said in a report it issued on the Elderwood group earlier this year. "This group is focused on wholesale theft of intellectual property and clearly has the resources, in terms of manpower, funding and technical skills, required to implement this task."

Intellectual property theft has been a rising concern voiced by government officials and prominent security experts who believe that successful attacks are not likely being publicly reported by companies. Well-funded, sophisticated attackers can infiltrate corporate systems and remain stealthy for months and even years. Former White House Cybersecurity Coordinator Howard Schmidt called it a serious national security concern. The Securities and Exchange Commission attempted to increase transparency of the issue in 2011 when it issued a new rule making public companies disclose a data breach or potential breach when it may have an increased risk or financial impact on corporate earnings.

"We believe that there's a tremendous amount of corporate cybercrime and espionage going on that most of the industry doesn't know about," said George Tubin, a senior security strategist at Boston-based security firm Trusteer. "Once your intellectual property is gone in electronic form, it's gone forever."

NEXT: Latest attacks target a number of firms

Printer-friendly version Email this CRN article