A post on McAfee's Security Insights blog today said that the Chinese cyber attacks - now being referred to as "Aurora" - partially took advantage of a "previously unknown vulnerability" in Microsoft's Internet Explorer browser.
The post said that folks at McAfee Labs have been working with companies that were hit by the attack, as well as government and law enforcement officials, and have analyzed "several pieces of malicious code" that were used in the attack. It said that IE is vulnerable on all of Microsoft's operating systems, including Windows 7, and that Microsoft has been notified and will publish an advisory soon.
McAfee also noted, to clear up some news reports, that it has not found any links between Adobe's Acrobat reader and the attacks. It further noted:
While we have identified the Internet Explorer vulnerability as one of the vectors of attack in this incident, many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios. So there very well may be other attack vectors that are not known to us at this time.
McAfee also said "Operation Aurora" was sophisticated beyond what's been seen in previous attacks and changes the cyberthreat landscape:
Blaster, Code Red and other high profile worms are definitely a thing of the past. The current bumper crop of malware is very sophisticated, highly targeted, and designed to infect, conceal access, siphon data or, even worse, modify data without detection.
These highly customized attacks known as “advanced persistent threats” (APT) were primarily seen by governments and the mere mention of them strikes fear in any cyberwarrior. They are in fact the equivalent of the modern drone on the battlefield. With pinpoint accuracy they deliver their deadly payload and once discovered – it is too late.
Finally, it said that companies of all sectors are valuable because they offer more of the new valuable "loot" of the Internet - intellectual property. It wrote:
Like an army of mules withdrawing funds from an ATM, this malware enabled the attackers to quietly suck the crown jewels out of many companies while people were off enjoying their December holidays. Without question this attack was perpetrated during a period of time that would minimize detection.
All I can say is wow. The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats. In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private nonfinancial customer information and anything else of intangible value.
Separately, Microsoft CEO Steve Ballmer told CNBC today that Microsoft will continue to do business in China.