ABSTRACT
Operation Aurora was a series of cyber-attacks conducted by advanced persistent threats (APTs) such as the Elderwood Group based in Beijing, China, with ties to the People's Liberation Army. First publicly disclosed by Google on January 12, 2010, in a blog post, the attacks began in mid-2009 and continued through December 2009. As a result of the attack, Google stated in its blog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all," and acknowledged that if this is not possible, it may leave China and close its Chinese offices. Official Chinese sources claimed this was part of a strategy developed by the US government. Aurora appears to have been a very concentrated attack on specific targets. It is not believed to be widespread at this time. The Microsoft Internet Explorer vulnerability leveraged in this attack allows for remote code execution, but does require user intervention.
