Aurora

Malware updated 23 days ago (2024-11-29T13:51:55.633Z)
"Aurora" is an ambiguous name in threat intelligence, and the sources behind this entry cover several unrelated things that share it.

Operation Aurora was the 2009 intrusion campaign against Google and other major technology companies, attributed to the Elderwood group and carried out with an Internet Explorer zero-day. Storm-0558, the actor behind the 2023 Microsoft cloud signing-key compromise, has been tracked for over 20 years and has been linked to Operation Aurora and to its 2012 continuation, Operation Aurora Redux.

The Aurora stealer is a different thing: a commodity infostealer spread mainly through malvertising and phishing. In mid-2023 the Kral downloader was discovered delivering it. Like RedLine, LokiBot and Mars, it harvests saved passwords, session cookies and crypto-wallet data from browsers. Stolen session cookies are the dangerous part: a cookie replayed from the attacker's machine is accepted as an already-authenticated session, so the victim's password and multi-factor prompt are never challenged. The practical countermeasures are short-lived or device-bound sessions, revoking all sessions when a host is suspected compromised, and detecting non-browser processes reading browser credential stores.

The "Aurora" incidents in the healthcare sector are a name collision, not malware activity. Advocate Aurora Health, an Illinois-based hospital chain, disclosed a data exposure in July 2022 and in October 2022 reported a HIPAA breach affecting three million individuals caused by web trackers on its websites and patient portal; in August 2024 it agreed to pay $12.25 million to settle consolidated civil class actions over that tracking.

Aurora is also the name of a ransomware family, unrelated to the stealer, for which a free Aurora ransomware decryptor and an alternative decryptor are available for download online.

Finally, Amazon Aurora is AWS's managed relational database service (Aurora MySQL and Aurora PostgreSQL) and has nothing to do with the malware. The only operational note worth recording is that Aurora is not supported on AWS Outposts; AWS continues to build out its first-party services such as Aurora MySQL.
Description last updated: 2024-10-22T17:40:46.314Z
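The cookie-and-password theft described in the entry above is what the Aurora stealer, RedLine, LokiBot and Mars have in common, and the most reliable host-side signal for it is a process other than the browser reading the browser's credential-store files. The script below is an added example written for this entry; it is not code from any of the cited sources or from the malware. The Sysmon-style key=value log lines, the process name setup_x64.exe and the user paths are constructed for illustration.

```python
"""Detection example: flag non-browser processes reading browser credential stores.

Infostealers read the Chromium "Login Data", "Cookies" and "Web Data" SQLite
files (plus "Local State", which holds the DPAPI-wrapped key that decrypts
them) and Firefox's logins.json / cookies.sqlite straight from disk. Those
paths are normally touched only by the browser executable itself, so a file
event on them from any other image is a strong signal.

The log lines in SAMPLE_EVENTS are constructed for this example (Sysmon
Event ID 11-style fields flattened to key=value); they are not real telemetry.
"""
import re
from dataclasses import dataclass

# Credential-store paths that infostealers commonly open or copy.
CREDENTIAL_STORE_PATTERNS = [
    re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.IGNORECASE),
    re.compile(r"\\User Data\\[^\\]+\\Network\\Cookies$", re.IGNORECASE),
    re.compile(r"\\User Data\\[^\\]+\\Cookies$", re.IGNORECASE),
    re.compile(r"\\User Data\\[^\\]+\\Web Data$", re.IGNORECASE),
    re.compile(r"\\User Data\\Local State$", re.IGNORECASE),
    re.compile(r"\\Profiles\\[^\\]+\\logins\.json$", re.IGNORECASE),
    re.compile(r"\\Profiles\\[^\\]+\\cookies\.sqlite$", re.IGNORECASE),
]

# Process images that are expected to touch their own profile directories.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe"}


@dataclass(frozen=True)
class Alert:
    image: str
    target: str
    reason: str


def parse_event(line):
    """Parse one key=value event line into a dict; values may be double-quoted."""
    fields = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|(\S+))', line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def is_credential_store(path):
    """True if the path is one of the browser credential-store files above."""
    return any(p.search(path) for p in CREDENTIAL_STORE_PATTERNS)


def detect(lines):
    """Return an Alert for every file event on a credential store by a non-browser image."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventType") != "FileAccess":
            continue
        target = ev.get("TargetFilename", "")
        image = ev.get("Image", "")
        if not is_credential_store(target):
            continue
        image_name = image.rsplit("\\", 1)[-1].lower()
        if image_name in BROWSER_IMAGES:
            continue  # the browser reading its own profile is normal
        reason = "non-browser process read browser credential store"
        if "\\AppData\\Local\\Temp\\" in image:
            reason += " (image running from %TEMP%)"  # common for dropped stealers
        alerts.append(Alert(image=image, target=target, reason=reason))
    return alerts


# Constructed sample telemetry; setup_x64.exe is a hypothetical dropped binary.
SAMPLE_EVENTS = [
    r'EventType=FileAccess Image="C:\Program Files\Google\Chrome\Application\chrome.exe" TargetFilename="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'EventType=FileAccess Image="C:\Users\alice\AppData\Local\Temp\setup_x64.exe" TargetFilename="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'EventType=FileAccess Image="C:\Users\alice\AppData\Local\Temp\setup_x64.exe" TargetFilename="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"',
    r'EventType=FileAccess Image="C:\Users\alice\AppData\Local\Temp\setup_x64.exe" TargetFilename="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"',
    r'EventType=FileAccess Image="C:\Windows\System32\notepad.exe" TargetFilename="C:\Users\alice\Documents\notes.txt"',
    r'EventType=ProcessCreate Image="C:\Users\alice\AppData\Local\Temp\setup_x64.exe" CommandLine="setup_x64.exe"',
    r'EventType=FileAccess Image="C:\Program Files\Mozilla Firefox\firefox.exe" TargetFilename="C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"',
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"ALERT {a.reason}: {a.image} -> {a.target}")
```

The same three reads, "Login Data", "Cookies" and "Local State", are what a stealer needs to decrypt Chromium passwords and cookies offline, so seeing them together from one non-browser image in a short window is a higher-confidence signal than any one of them alone. Backup agents and legitimate password-migration tools will show up here too and should be allow-listed by signed image path rather than by file name.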
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias / Description / Votes
Operation Aurora is a possible alias for Aurora. Operation Aurora, a campaign associated with the group tracked as APT17, was a series of intrusions that began in 2009 and is considered one of the most sophisticated cyberattacks of its time. It specialized in supply chain attacks, which are attempts to damage an organization by targeting less-secure elements in its supply
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Infostealer
Vulnerability
Health
Phishing
Trojan
Healthcare
Zero Day
Azure
Malvertising
Cybercrime
Associated Threat Actors
Alias / Description / Association Type / Votes
The Elderwood Threat Actor is associated with Aurora. Elderwood, also known as the Elderwood Group or the Beijing Group, is a notable threat actor believed to be responsible for numerous high-profile cyber attacks and espionage campaigns. The group's activities date back to at least 2005-2006 and have been linked to various significant incidents, inclu
Association type: Unspecified
Votes: 2
Source Document References
Information about the Aurora malware was read from the documents in the corpus below. This display is limited to 20 results.
Source / Created
DARKReading, 21 hours ago
Securelist, 2 months ago
BankInfoSecurity, 5 months ago
BankInfoSecurity, 6 months ago
BankInfoSecurity, 8 months ago
InfoSecurity-magazine, 9 months ago
CERT-EU, 9 months ago
CERT-EU, 10 months ago
CERT-EU, 10 months ago
CERT-EU, 10 months ago
CERT-EU, a year ago
BankInfoSecurity, a year ago
CERT-EU, a year ago
DARKReading, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, 2 years ago
CERT-EU, a year ago
CERT-EU, 2 years ago
CERT-EU, 2 years ago