Aurora

Malware Profile, updated 24 days ago
Aurora is a notorious malware, also known as Operation Aurora, which first gained prominence in 2009 when it targeted major technology companies, including Google. The Storm-0558 group, associated with high-profile cloud provider compromises such as Operation Aurora and RSA SecurID, has been under surveillance for over two decades. A subsequent attack, dubbed Operation Aurora Redux, occurred in 2012. To combat the threat of this malicious software, various tools have been developed, including the Aurora ransom decryptor tool available at BleepingComputer and an alternative at Emsisoft.

In July 2022, Advocate Aurora Health, a leading healthcare provider in the Midwest with 26 hospitals across Wisconsin and Illinois, experienced a significant data exposure incident. By October 2022, the organization reported a HIPAA breach affecting three million individuals due to its previous use of web trackers. In August of the following year, Advocate Aurora Health agreed to pay $12.25 million to settle consolidated civil class action claims alleging that the hospital chain had violated patient privacy by employing tracking codes on its websites and patient portals.

While Aurora has primarily been associated with cyber threats, it is also the name of various database services and solutions. However, there are limitations and restrictions tied to these services. For instance, Aurora's cloud database services (MySQL or PostgreSQL) are limited to io1, offering 64,000 IOPS. Furthermore, AWS Outposts does not support Aurora, Oracle Database, Redshift, SageMaker, or any other AWS database model. Despite this, AWS aims to provide a superior experience with its first-party services like Aurora for MySQL.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Operation Aurora | 2 | Operation Aurora, also known as APT17, is a notorious malware operation that began in 2009 and is considered one of the most sophisticated cyberattacks ever conducted. It specializes in supply chain attacks, which are attempts to damage an organization by targeting less-secure elements in its supply
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Cybercrime
Infostealer
Health
Phishing
Trojan
Healthcare
Zero Day
Azure
Malvertising
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Elderwood | Unspecified | 2 | Elderwood, also known as the Elderwood Group or the Beijing Group, is a notable threat actor believed to be responsible for numerous high-profile cyber attacks and espionage campaigns. The group's activities date back to at least 2005-2006 and have been linked to various significant incidents, inclu
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Aurora Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | Hubble Announces Aurora™, the Category Defining Cybersecurity Asset Intelligence™ Platform
CSO Online | a year ago | Hard-to-detect malware loader distributed via AI-generated YouTube videos
CERT-EU | 10 months ago | China's Hacker Army
BankInfoSecurity | 9 months ago | Advocate Aurora to Settle Web Tracker Claims for $12.25M
CERT-EU | a year ago | Connect the Dots on State-Sponsored Cyber Incidents - Operation Aurora
MITRE | a year ago | Elderwood project, who is behind Op. Aurora and ongoing attacks? - Security Affairs
CERT-EU | 3 months ago | Complete Guide to Advanced Persistent Threat (APT) Security
BankInfoSecurity | 9 months ago | Feds Publicly Name 130 Healthcare Firms Using Web Trackers
BankInfoSecurity | 9 months ago | Insulin App Maker Faces Privacy Lawsuit for Web Tracker Use
BankInfoSecurity | 4 months ago | NC Health System Agrees to Pay $6.6M in Web Tracking Case
Malwarebytes | a year ago | Fake system update drops Aurora stealer via Invalid Printer loader
BankInfoSecurity | 9 months ago | Judge Gives Green Light to Meta Pixel Web Tracker Lawsuit
CSO Online | a year ago | Hackers steal crypto assets by defeating 2FA with rogue browser extension
CERT-EU | 8 months ago | AI Developers Conference: Intel's Commitment to Advanced Tools
CERT-EU | a year ago | Cloudflare Expands Zero Trust Security Capabilities for Enterprise Gen-AI Use
BankInfoSecurity | a month ago | Law Firm to Pay $8M to Settle Health Data Hack Lawsuit
CERT-EU | 8 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Operation Aurora
CERT-EU | 8 months ago | More Privacy, Please - August/September 2023
CERT-EU | 8 months ago | Top 10 Healthcare Data Breaches [2022-2023]
CERT-EU | a year ago | New AWS GuardDuty capabilities secure container, database, serverless workloads