Aurora

Malware updated 3 months ago (2024-07-09T14:17:54.401Z)
The name "Aurora" is shared by several unrelated things that this entry's sources mention, and they should not be read as a single malware family:

Aurora (infostealer). A credential-stealing malware delivered through malicious downloads, phishing e-mail, malvertising and compromised websites. Like RedLine, LokiBot and Mars, it harvests saved browser passwords, session cookies and cryptocurrency-wallet data. A stolen session cookie, replayed from the attacker's machine, rides an already-authenticated session and so sidesteps multifactor authentication; wallet data gives direct access to funds.

Operation Aurora (2009). A series of intrusions against Google and other major technology companies, attributed to the Elderwood Group, and followed by a 2012 campaign the sources call Operation Aurora Redux. Storm-0558, a group that has been tracked for over 20 years, has been linked both to these attacks and to later cloud-provider compromises. Neither the 2009 campaign nor Storm-0558 has any connection to the infostealer of the same name.

Aurora ransomware. A separate family for which a free decryptor is available from Emsisoft and via Bleeping Computer. The decryptor does not help against the infostealer, which encrypts nothing.

Advocate Aurora Health. A Midwest healthcare provider, not a victim of either Aurora malware. In July 2022 it disclosed that misconfigured Meta Pixel tracking code on its websites had exposed data of about 3 million people; in October 2022 it reported the same exposure as a HIPAA breach affecting the same number of individuals; and in August 2024 it agreed to pay $12.25 million to settle consolidated class-action claims that the tracking code on its websites and patient portal invaded patient privacy.

Amazon Aurora. AWS's managed MySQL- and PostgreSQL-compatible database engine. It is a product name, not a security control: it neither defends against nor is specifically targeted by the malware above. Statements that AWS Outposts does not support Aurora, Oracle Database, Redshift, SageMaker or other AWS database services, or that CodeWhisperer aims to give a first-class experience with first-party services such as Aurora for MySQL, describe AWS product scope and are not threat intelligence.
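The one technical claim above that a defender can act on is how the infostealer family works: it opens the browser profile files that hold saved logins and session cookies. A hunting rule that flags those files being opened by anything other than the browser itself catches Aurora, RedLine and similar collectors regardless of packer or signature. The rule below is an added example, not code from Cybergeist or from any vendor; the log format (pipe-separated host, user, process image, target file, as an EDR file-open event might be exported) and every log line are constructed for the example. The allow-list of browser binaries and the profile-path markers are assumptions to tune per estate.

```python
"""Flag browser credential-store access by non-browser processes.

Added example; not part of the Cybergeist page. The log format and the
sample events below are constructed, not captured from a real host.
"""
import posixpath
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Profile files an infostealer collects. Chromium keeps saved logins in
# "Login Data" and session cookies in "Cookies", both encrypted with a key
# stored in "Local State" (DPAPI-wrapped on Windows), so a stealer reads
# Local State alongside them. Firefox uses logins.json + key4.db and
# cookies.sqlite. Names are compared case-insensitively.
CREDENTIAL_STORES = {
    "login data", "cookies", "web data", "local state",   # Chromium family
    "logins.json", "key4.db", "cookies.sqlite",           # Firefox
}

# Processes that legitimately open their own profile files (assumed allow-list;
# extend with whatever browsers are deployed).
BROWSER_IMAGES = {
    "chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe",
    "chrome", "msedge", "firefox", "brave",
}

# Substrings that mark a path as being inside a browser profile, so that an
# unrelated file that happens to be called "Local State" is not flagged.
PROFILE_MARKERS = ("user data", "mozilla", "google-chrome", "chromium", ".config", "profiles")


@dataclass(frozen=True)
class FileAccess:
    host: str
    user: str
    image: str    # full path of the process that opened the file
    target: str   # full path of the file that was opened


def _norm(path: str) -> str:
    """Lower-case and unify separators so Windows and POSIX paths compare alike."""
    return path.replace("\\", "/").lower()


def is_credential_store(target: str) -> bool:
    norm = _norm(target)
    return posixpath.basename(norm) in CREDENTIAL_STORES and any(m in norm for m in PROFILE_MARKERS)


def is_browser(image: str) -> bool:
    return posixpath.basename(_norm(image)) in BROWSER_IMAGES


def parse_log(text: str) -> List[FileAccess]:
    """Parse 'host|user|image|target' lines (constructed export format)."""
    events = []
    for line in text.strip().splitlines():
        host, user, image, target = line.split("|", 3)
        events.append(FileAccess(host, user, image, target))
    return events


def find_suspicious_access(events: Iterable[FileAccess]) -> List[FileAccess]:
    """Credential-store opens whose opening process is not an allowed browser."""
    return [e for e in events if is_credential_store(e.target) and not is_browser(e.image)]


def count_by_image(alerts: Iterable[FileAccess]) -> Dict[str, int]:
    """Summarise alerts per offending executable for triage."""
    return dict(Counter(posixpath.basename(_norm(a.image)) for a in alerts))


# Constructed sample events: one benign browser open, a dropper in Temp reading
# Chromium's login DB and key file, PowerShell reading Firefox cookies, an
# unrelated "Local State" file outside any profile, and a Linux host where a
# Python process (flagged) and Chrome itself (not flagged) read the cookie DB.
SAMPLE_LOG = r"""
ws01|alice|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
ws01|alice|C:\Users\alice\AppData\Local\Temp\Setup_x64.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
ws01|alice|C:\Users\alice\AppData\Local\Temp\Setup_x64.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State
ws01|alice|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x.default-release\cookies.sqlite
ws02|bob|C:\Windows\System32\svchost.exe|C:\ProgramData\Vendor\Local State
lx03|carol|/usr/bin/python3|/home/carol/.config/google-chrome/Default/Cookies
lx03|carol|/opt/google/chrome/chrome|/home/carol/.config/google-chrome/Default/Cookies
"""

if __name__ == "__main__":
    alerts = find_suspicious_access(parse_log(SAMPLE_LOG))
    for a in alerts:
        print(f"{a.host} {a.user}: {a.image} -> {a.target}")
    print(count_by_image(alerts))
```

Two caveats when deploying this. Backup agents and some endpoint tools legitimately read profile directories, so expect to extend the allow-list, ideally keyed on signed image path rather than bare file name, which an attacker can trivially match. And a stealer that first copies the profile directory to a temp folder will be caught on the copy (the source path still carries the profile marker) but not on the later read of the copy; pairing this rule with a check for the browser's own process tree, or for the DPAPI master key being unprotected by a non-browser process, closes that gap.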
Description last updated: 2024-07-09T13:20:58.052Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.

Operation Aurora (2 votes) is a possible alias for Aurora. Operation Aurora, attributed by some vendors to APT17, is an intrusion campaign that began in 2009 and is considered one of the most sophisticated cyberattacks of its time; it combined targeted phishing with a zero-day browser exploit to reach its victims. It is unrelated to the Aurora infostealer.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Infostealer
Health
Phishing
Trojan
Healthcare
Zero Day
Azure
Malvertising
Cybercrime
Associated Threat Actors
Elderwood (association type: unspecified; 2 votes) is associated with Aurora. Elderwood, also known as the Elderwood Group or the Beijing Group, is a notable threat actor believed to be responsible for numerous high-profile cyber attacks and espionage campaigns. The group's activities date back to at least 2005-2006 and have been linked to various significant incidents, inclu
Source Document References
Information about the Aurora malware was read from the documents corpus below (source, time of collection):

BankInfoSecurity, 3 months ago
BankInfoSecurity, 4 months ago
BankInfoSecurity, 6 months ago
InfoSecurity-magazine, 6 months ago
CERT-EU, 7 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 9 months ago
BankInfoSecurity, 9 months ago
CERT-EU, 9 months ago
DARKReading, 10 months ago
CERT-EU, 10 months ago
CERT-EU, 10 months ago
CERT-EU, 2 years ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
DARKReading, a year ago
CSO Online, 2 years ago