Return of the Aurora Attackers?

Image: Sergi Terendyak

Researchers at Symantec say a new round of targeted attacks, delivered by email rather than through compromised websites, appears to come from the same group responsible for last year’s attacks against Google and other major U.S. businesses.

Writing on the Symantec Security blog, researcher Karthik Selvaraj said evidence collected on the new targeted attacks shows many of the same characteristics as the so-called Aurora (Hydraq) attacks of 2009, which impacted more than 30 businesses, including Google, Northrop Grumman and Symantec.

The latest incident appears to date back at least to the beginning of this month, when researchers started noticing attacks that exploited the recent Adobe Reader zero-day vulnerability and used social engineering to lure victims. More specifically, attackers sent emails carrying a malicious PDF attachment; opening the file triggers the exploit, which then drops a downloader on the victim’s machine.

Selvaraj noted that the recent emails were written in the same style as those used in the Aurora attacks. It also seems as if the two attacks share the same origin.

“In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation,” he added. “Furthermore, we have seen a large number of detections of unique versions of the PDF—not yet seen elsewhere in the wild—coming from a single computer in the Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks.”

Although these similarities could be coincidental, Selvaraj said the attacks appear to come from the same perpetrators. The PDFs inside all the recent emails exploit the same Adobe zero-day vulnerability and each drop similar downloader components, but with different decoy PDFs. Some pointed to different URLs for downloading additional malware, he added, so the lure document changes from target to target while the exploit and the dropper stay the same.
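The attacks described above arrive as an emailed PDF that auto-runs an exploit and drops a downloader, with a fresh decoy per target. The script below is an added triage example, not code from the article or from Symantec, that flags the generic lure structure such files share: an auto-run action (/OpenAction or /AA) combined with script, launch or embedded-file capability, keyword names hidden by #xx escaping, keywords buried in FlateDecode streams, and incremental updates (more than one %%EOF) appended to a clean-looking decoy. It does not detect the specific Adobe vulnerability, which the page does not identify; the sample PDFs, the example.invalid URL and the 1 MiB inflate cap are constructed assumptions for the demonstration.

```python
"""Static triage of a PDF attachment for the lure shape used by emailed
PDF exploits. Added example; not the article's or Symantec's own tooling.
It flags structure, not the specific zero-day, so treat hits as a reason
to sandbox the file rather than as proof of compromise."""
import re
import zlib

# /OpenAction and /AA run on open; /JavaScript and /JS carry script;
# /Launch, /EmbeddedFile and /RichMedia can drop or run a payload;
# /URI is the usual hook for a second-stage download.
SUSPICIOUS_NAMES = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                    b"/Launch", b"/EmbeddedFile", b"/RichMedia", b"/URI")

_HEX_NAME = re.compile(rb"#([0-9A-Fa-f]{2})")
# Match "stream\n...\nendstream" but not the "stream" inside "endstream".
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
MAX_INFLATE = 1 << 20  # assumed per-stream cap to blunt decompression bombs


def normalise_names(data: bytes) -> bytes:
    """Undo PDF name escaping (/J#61vaScript -> /JavaScript), which hides
    keywords from a naive grep."""
    return _HEX_NAME.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Concatenate every stream body that inflates as zlib, so keywords
    inside compressed objects become visible to the scanner."""
    out = b""
    for m in _STREAM.finditer(data):
        try:
            out += zlib.decompressobj().decompress(m.group(1), MAX_INFLATE)
        except zlib.error:
            pass  # not zlib-compressed or malformed; skip it
    return out


def triage_pdf(data: bytes) -> dict:
    """Count suspicious names in the raw bytes plus inflated streams and
    return a verdict: 'suspicious' when an auto-run action is paired with
    script/launch/embedded capability, 'review' on any other hit."""
    visible = normalise_names(data) + normalise_names(inflate_streams(data))
    hits = {n.decode(): visible.count(n) for n in SUSPICIOUS_NAMES}
    hits = {k: v for k, v in hits.items() if v}
    auto_run = bool(hits.get("/OpenAction") or hits.get("/AA"))
    payload = any(hits.get(k) for k in
                  ("/JavaScript", "/JS", "/Launch", "/EmbeddedFile", "/RichMedia"))
    verdict = "suspicious" if auto_run and payload else ("review" if hits else "clean")
    # More than one %%EOF means incremental updates: a common way to bolt
    # payload objects onto an otherwise clean decoy document.
    return {"hits": hits, "eof_markers": data.count(b"%%EOF"), "verdict": verdict}


def build_samples():
    """Constructed test inputs (not real malware): one lure-shaped PDF and
    one benign PDF. The lure hides an escaped /JavaScript name inside a
    FlateDecode stream and appends a /URI action as an incremental update."""
    hidden = b"<< /S /J#61vaScript /JS (app.alert('lure')) >>"
    packed = zlib.compress(hidden)
    suspicious = (
        b"%PDF-1.4\n"
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
        b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
        b"3 0 obj\n<< /Length " + str(len(packed)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + packed + b"\nendstream\nendobj\n"
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
        # constructed incremental update with a second-stage download hook
        b"4 0 obj\n<< /Type /Action /S /URI /URI (http://example.invalid/stage2) >>\nendobj\n"
        b"%%EOF\n")
    benign = (
        b"%PDF-1.4\n"
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
        b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    return suspicious, benign


if __name__ == "__main__":
    lure, clean = build_samples()
    print(triage_pdf(lure))   # verdict: suspicious, 2 %%EOF markers
    print(triage_pdf(clean))  # verdict: clean
```

Run it over a mail-gateway quarantine to pick out attachments worth detonating; a file with no hits can still carry an exploit in a malformed font or image stream, so this is a first filter, not a substitute for a sandbox or vendor signatures.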
