Operation Aurora – the well-targeted attack in which top companies, including Google, were hacked through a zero-day vulnerability. Google recently released a separate statement illustrating the nature of the attack vectors and the motives of the attacker.
In this attack, which is believed to have originated from China, a zero-day (not publicly known) vulnerability in Internet Explorer was used. The attacker sent socially engineered emails to a couple of individuals in the company, prompting them to open a malicious website. Once the user visited the malicious content, it opened a reverse TCP connection to the attacker's machine, leading to complete takeover of the victim's system. The attacker then used this connection to further compromise the corporate boundaries and gather confidential data. Similar attacks against other corporations led to breaches of confidential information.
On Friday, Microsoft released a separate advisory confirming this zero-day vulnerability in Internet Explorer. Though there is no patch against it, a couple of factors, such as DEP, IE Protected Mode and restricted mode, mitigate this attack to a certain extent.
Here is the video demonstration created by Nishant showing this zero-day attack working even on a fully patched machine with Norton 2010 protection 🙂
With no protection and ready-to-launch exploit code available in Metasploit, more successful attacks are on the cards.
With employees at Google coming under such a socially engineered attack, only God can save the common people 🙂