News

Evidence from Google Attacks Points to China

  • By Kevin McCaney
  • January 21, 2010

The fallout from the recent cyberattacks against Google and other companies, which occurred in December and were revealed by Google last week, continues to spread.

A security researcher for SecureWorks says he has found evidence to support Google's claim that last month's attacks on the company's systems originated in China, while another security expert called them the largest and most sophisticated attacks specifically aimed at businesses in years.

The attacks, which used the Hydraq Trojan to open a back door into infected systems, affected Google and 33 other companies. In addition to concerns over possible stolen information, the event has raised discussions about free speech and censorship in China.

Joe Stewart, SecureWorks' director of malware research, said he analyzed the software used in the attacks and found that it contained an algorithm from a Chinese technical paper that has been published only on Chinese-language Web sites, according to a report in The New York Times.

Google officials, in announcing the attack in a Jan. 12 blog post, have said they suspected that the attack originated in China, saying that the Gmail accounts of human rights activists in China had been monitored or hacked. The Gmail accounts of foreign journalists also have reportedly been hacked. The company is threatening to pull its operations out of the country. 

Other companies reported to have been affected include Adobe, Microsoft, Juniper Networks, Northrop Grumman, Symantec, Yahoo and Dow Chemical.

The attacks in many cases exploited a zero-day flaw in Adobe Acrobat and Reader to infect systems with the Hydraq Trojan, which launched when a user clicked on a malicious .PDF attached to an e-mail. Adobe issued a patch for the vulnerability this week.

The security company McAfee also said the attacks had exploited a vulnerability in Internet Explorer. Microsoft reported that the vulnerability exists in IE 6, but has issued an out-of-cycle security patch for all versions of the browser.

The attacks are similar to a July 2009 attack that involved about 100 companies, according to VeriSign iDefense.

In a blog post, McAfee Chief Technology Officer George Kurtz, dubbing recent the attacks "Operation Aurora," called it "the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations."

"While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero-day exploits," Kurtz wrote. "What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the main goal appearing to be to steal core intellectual property."

Meanwhile, Google is investigating whether some of its employees in China might have helped the attackers. Reuters reported that some employees in China had been placed on leave or transferred.

About the Author

Kevin McCaney is the managing editor of Government Computer News.

Featured

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.

  • Microsoft Cuts Windows 11 Recovery Time with New Update

    Microsoft has introduced two key enhancements to Windows 11 aimed at minimizing downtime and streamlining error resolution.

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

Most   Popular