McAfee (NYSE: MFE) on Thursday said a new and previously undisclosed zero-day vulnerability in Microsoft’s Internet Explorer software provided the opening hackers needed earlier this week to break into the networks used and operated by Google and as many as 20 different high-profile corporations. In a blog entry posted Thursday afternoon, McAfee CTO George Kurtz […]
McAfee (NYSE: MFE) on Thursday said a new and previously undisclosed zero-day vulnerability in Microsoft’s Internet Explorer software provided the opening hackers needed earlier this week to break into the networks used and operated by Google and as many as 20 different high-profile corporations.
In a blog entry posted Thursday afternoon, McAfee CTO George Kurtz said his team of researchers worked “around the clock” with “multiple organizations” that were hit by the highly sophisticated and coordinated attack as well as the U.S. government and various law enforcement agencies.
After analyzing several pieces of malicious code used to access the networks, McAfee researchers determined that the hackers had themselves assigned the “Aurora” moniker to the series of unprecedented attacks.
“Based on our analysis, ‘Aurora’ was part of the file path on the attacker’s machine that was included in two of the malware binaries that we have confirmed are associated with the attack,” Kurtz said. “That file path is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer. We believe the name was the internal name the attacker(s) gave to this operation.”
McAfee’s investigation found that Internet Explorer is vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7.
McAfee said Microsoft officials have been working with McAfee throughout the investigative process and the Redmond, Wash.-based software giant is expected to publish an advisory on the matter soon.
Kurtz said the intruders, which Google and independent researchers said were based in China, gained access to Google’s Gmail and other networks by sending a tailored attack to one or a few targeted individuals. The attacks have pushed the search giant’s already tenuous relationship with the Communist superpower to the breaking point.
“We suspect these individuals were targeted because they likely had access to valuable intellectual property,” Kurtz said. “These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.”
McAfee researchers found that once the malware was downloaded and installed, it opened a back door that allowed the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker was then able to identify “high-value targets” and start to siphon off valuable data from the company.
Previously, Google officials theorized that hackers were exploiting a zero-day vulnerability in Adobe Systems’ (NASDAQ: ADBE) Acrobat and Reader applications, a security gap that was purportedly closed on Tuesday when the San Jose, Calif.-based software developer released its long-awaited patch and security update.
Microsoft and Google officials were not immediately available to comment on McAfee’s findings.
On Wednesday, Google officials told the New York Times that its internal investigation found that Gmail accounts of Chinese and Tibetan activists had been compromised in separate attacks involving phishing and spyware and that at least 34 companies had been targets of the attacks originating in China.
McAfee’s Kurtz said these highly customized attacks, known as advanced persistent threats (APT), have previously been seen only by governments and compared them to the equivalent of the modern drone on the battlefield — capable of pinpoint accuracy and the ability to deliver a highly destructive payload.
“All I can say is ‘Wow’,” Kurtz said. “The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”
Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Larry Barrett is a freelance journalist and blogger who has covered the information technology and business sectors for more than 15 years. Most recently, he served as the online news editor for 1105 Media's Office Technology Group and as the online managing editor for SourceMedia's Investment Advisory Group publications Financial Planning, On Wall Street, and Bank Investment Consultant. He was also a senior writer and editor at Ziff Davis Media's Baseline Magazine, winner of the Jesse H. Neal National Business Journalism Award, and ZDNet. In addition, he's served as a senior writer and editor at prominent technology and business websites including CNET, InternetNews.com, Multichannel News, and the San Jose Business Journal.
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
