Return of the Aurora Attackers?

Image: Sergi Terendyak

Researchers at Symantec say a new round of targeted web assaults appears to come from the same group responsible for last year’s attacks against Google and other major U.S. businesses.

Writing on the Symantec Security blog, researcher Karthik Selvaraj said evidence collected on the new targeted attacks has many of the same characteristics as the so-called Aurora (Hydraq) attacks in 2009 that impacted more than 30 businesses, including Google, Northrop Grumman and Symantec.

The latest incident appears to date back at least to the beginning of this month, when researchers started noticing attacks leveraging the recent Adobe zero-day vulnerability in PDF Reader, and using social engineering to lure victims. More specifically, attackers sent emails containing a malicious PDF file attachment.

Selvaraj noted that the recent emails were written in the same style as those used in the Aurora attacks. It also seems as if the two attacks share the same origin.

“In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation,” he added. “Furthermore, we have seen a large number of detections of unique versions of the PDF, not yet seen elsewhere in the wild, coming from a single computer in the Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks.”

Although these similarities could be coincidental, Selvaraj said these attacks appear to be from the same perpetrators. The PDFs inside all the recent emails exploit the same Adobe zero-day vulnerability, and each drops similar downloader components, but with different decoy PDFs. Some had different URLs to download additional malware, he added.
