'Elderwood' Crew, Tied to Google Aurora Attack, Targeting Defense, Energy, Finance Companies
September 7, 2012
The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a seemingly inexhaustible supply of zero-day vulnerabilities. The crew is using a variety of techniques to go after its targets, most notably compromising legitimate Web sites frequented by employees of the targeted organizations and then delivering exploits for one or more of their stockpiled zero-day bugs, researchers say.
The team behind these operations appears to be in the top tier of professional attack teams, possessing the ability to do original research to find new vulnerabilities in popular applications such as Adobe Flash and Internet Explorer, and then to write exploits for those flaws. Researchers at Symantec have been tracking the group, which they've dubbed the Elderwood gang, for some time, and have seen the crew using previously unknown vulnerabilities in rapid succession over the course of the last couple of years in attacks aimed at defense contractors, government agencies and other high-value targets.