Aurora

Malware updated 2 months ago (2024-07-09T14:17:54.401Z)
"Aurora" is an overloaded name, and the source corpus behind this profile mixes several unrelated things under it: the 2009 espionage campaign, a commodity infostealer, a ransomware family, a healthcare provider and an AWS database service. They are separated below so that the indicators and associations on this page are not cross-contaminated.

Operation Aurora is the 2009 espionage campaign, disclosed in early 2010, that compromised Google and dozens of other technology, defense and finance companies through spear-phishing and an Internet Explorer zero-day; the backdoor it dropped is the malware most vendors mean by "Aurora" (Symantec tracks it as Trojan.Hydraq). The same group, tracked by Symantec as Elderwood, kept operating afterwards, and its 2012 activity is sometimes labelled Operation Aurora Redux. The Cyber Safety Review Board's 2024 report on the 2023 compromise of Microsoft Exchange Online mailboxes attributed that intrusion to Storm-0558, a China-based actor it described as tracked for over 20 years and associated with Operation Aurora; that is the basis for the Storm-0558 and cloud-provider references in this corpus, not a new Aurora sample.

The Aurora that appears alongside RedLine, LokiBot and Mars is a different family: Aurora Stealer, a Go-based infostealer sold as a service from 2022 and spread mainly through malvertising and fake software installers. Like the others, it harvests saved browser passwords, session cookies and cryptocurrency wallet data. A stolen session cookie lets the buyer replay an already-authenticated browser session, which sidesteps multifactor authentication entirely because the MFA challenge was completed by the victim; this is why the "Infostealer", "Loader" and "Malvertising" tags below apply to this family rather than to the 2009 backdoor.

A third, unrelated Aurora is a ransomware family for which a free decryptor exists; Emsisoft publishes it and BleepingComputer covered its release. If a victim's files carry the Aurora ransomware's extensions, try the decryptor before considering payment.

The remaining references are name collisions, not threats. Advocate Aurora Health, a large Midwestern healthcare provider, disclosed in 2022 (a data-exposure notice in July, followed by a HIPAA breach report in October) that its use of Meta Pixel and similar web trackers on its websites and patient portal had exposed the data of roughly 3 million people; in August 2024 it agreed to pay $12.25 million to settle the consolidated class-action privacy claims. Amazon Aurora is AWS's managed MySQL- and PostgreSQL-compatible relational database service; it has nothing to do with the malware (the corpus notes only that AWS Outposts does not support Aurora, Oracle Database, Redshift or SageMaker, and that Amazon CodeWhisperer is meant to work well with first-party services such as Aurora for MySQL).
Description last updated: 2024-07-09T13:20:58.052Z
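The infostealer paragraph above describes what Aurora Stealer and its peers take: the browser's saved-login, cookie and key-material files. The detection below is an added example, not code from this page, from any vendor, or from any of the malware authors. It flags any process other than a known browser image that touches those stores and raises the severity when the accessing image lives in a user-writable directory, which is where a malvertised installer lands. It runs over constructed Sysmon-style file-access records embedded in the block; the field names (Image, TargetFilename, User), the browser allowlist and the path heuristics are assumptions, and name-only matching of the browser image is a deliberate simplification noted in the comments.

```python
"""Added example: flag non-browser processes touching browser credential and
session-cookie stores, the artefacts infostealers such as Aurora Stealer,
RedLine, LokiBot and Mars exfiltrate. Runs over constructed Sysmon-style
file-access records (dicts); no live telemetry is read."""
from pathlib import PureWindowsPath
from typing import Iterable, Optional

# Chromium-family stores: saved logins, session cookies, the DPAPI-wrapped
# master key ("Local State") and autofill ("Web Data"). Newer builds keep
# Cookies under <profile>\Network\, which the parent-directory check covers.
CHROMIUM_STORE_FILES = {"login data", "cookies", "local state", "web data"}
# Firefox equivalents live under ...\Firefox\Profiles\<profile>\.
FIREFOX_STORE_FILES = {"logins.json", "key4.db", "cookies.sqlite"}

# Images allowed to open their own stores (assumed allowlist). Name-only
# matching is a known weak point (a stealer can call itself chrome.exe); a
# production rule should also require the install path and a valid signature.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe",
                  "vivaldi.exe", "chromium.exe", "firefox.exe"}

# Locations an unprivileged user (or a malvertised installer) can write to.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\",
                      "\\users\\public\\", "\\programdata\\")


def is_credential_store(path: str) -> bool:
    """True if path names a browser login/cookie/key store."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parents = {part.lower() for part in p.parts[:-1]}
    if name in CHROMIUM_STORE_FILES and "user data" in parents:
        return True
    return name in FIREFOX_STORE_FILES and "profiles" in parents


def classify(event: dict) -> Optional[dict]:
    """Return an alert dict for a suspicious access, or None."""
    target = event["TargetFilename"]
    if not is_credential_store(target):
        return None
    image = event["Image"]
    if PureWindowsPath(image).name.lower() in BROWSER_IMAGES:
        return None  # the browser reading its own profile
    severity = "high" if any(d in image.lower() for d in USER_WRITABLE_DIRS) else "medium"
    return {"severity": severity, "image": image, "file": target,
            "user": event.get("User", "?")}


def scan(events: Iterable[dict]) -> list:
    """Run classify() over an event stream and keep the alerts."""
    return [alert for alert in map(classify, events) if alert]


# Constructed sample telemetry (not real logs).
CHROME_PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
FF_PROFILE = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x9k2.default-release"
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": CHROME_PROFILE + r"\Login Data", "User": "CORP\\alice"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\Setup_x64.exe",
     "TargetFilename": CHROME_PROFILE + r"\Login Data", "User": "CORP\\alice"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": CHROME_PROFILE + r"\Network\Cookies", "User": "CORP\\alice"},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\report.pdf", "User": "CORP\\alice"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "TargetFilename": FF_PROFILE + r"\logins.json", "User": "CORP\\alice"},
    {"Image": r"C:\Users\alice\Downloads\ChromeUpdate.exe",
     "TargetFilename": FF_PROFILE + r"\key4.db", "User": "CORP\\alice"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['image']} -> {alert['file']}")
```

Run against the constructed events this raises three alerts: the installer in Temp and the fake updater in Downloads as high, and PowerShell reading the Chromium cookie database as medium. The browser processes reading their own profiles and Explorer opening a PDF are ignored. The medium case matters in practice: stealer loaders and hands-on operators both use living-off-the-land binaries to copy the store before the real stealer runs.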
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Profile (votes): description
Operation Aurora (2 votes): Operation Aurora is the 2009 espionage campaign that several vendors associate with the APT17 (Aurora Panda) cluster, and it is regarded as one of the more sophisticated intrusion sets of its era. The group behind it has also been credited with supply chain attacks, which target the less-secure elements in an organization's supply
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Infostealer
Health
Phishing
Trojan
Healthcare
Zero Day
Azure
Malvertising
Cybercrime
Associated Threat Actors
Profile (type, votes): description
Elderwood (type unspecified, 2 votes):
Elderwood, also known as the Elderwood Group or the Beijing Group, is a notable threat actor believed to be responsible for numerous high-profile cyber attacks and espionage campaigns. The group's activities date back to at least 2005-2006 and have been linked to various significant incidents, inclu
Source Document References
Information about the Aurora malware was read from the documents below (display limited to 20 results).
Source (created): title
BankInfoSecurity (2 months ago): Cryptocurrency Theft Haul Surges Alongside Crypto Value
BankInfoSecurity (3 months ago): Court: HHS Overstepped HIPAA Authority in Web Tracking Guide
BankInfoSecurity (5 months ago): Law Firm to Pay $8M to Settle Health Data Hack Lawsuit
InfoSecurity-magazine (5 months ago): Report Slams Microsoft Security Failures in Government Email Breach
CERT-EU (6 months ago): How AI has already changed coding forever
CERT-EU (6 months ago): Complete Guide to Advanced Persistent Threat (APT) Security
CERT-EU (7 months ago): Scientel Solutions Announces Partnership with UK-based Cybersecurity Company, KryptoKloud
CERT-EU (7 months ago): Cybersecurity, Other USAF Needs Challenging E-7 Price Talks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Database management the easy – and professional – way
BankInfoSecurity (8 months ago): NC Health System Agrees to Pay $6.6M in Web Tracking Case
CERT-EU (8 months ago): Trusted brands embrace online privacy
DARKReading (8 months ago): 10 Years After Yahoo, What’s Changed? (Not Much)
CERT-EU (8 months ago): MY TAKE: Rising geopolitical tensions suggest a dire need for tighter cybersecurity in 2024
CERT-EU (8 months ago): MY TAKE: Rising geopolitical tensions suggest a dire need for tighter cybersecurity in 2024 | The Last Watchdog
CERT-EU (2 years ago): Boulder County buys controversial phone-hacking tech using money meant to treat, prevent drug addiction | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security Consulting
CERT-EU (a year ago): Threat landscape in NZ's energy sector in the spotlight
CERT-EU (a year ago): Warning for anyone who visits adult sites as hackers target users with convincing scam | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU (a year ago): New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation
DARKReading (a year ago): The Dark Web Is Expanding (As Is the Value of Monitoring It)
CSO Online (a year ago): Russian hacktivists deploy new AresLoader malware via decoy installers