Skip to Content
Uncategorized

Internet Explorer Flaw Implicated in Chinese Attacks

A bug in the browser was a key part of recent attacks by Chinese hackers.
January 14, 2010

George Kurtz, CTO of McAfee Security, revealed new details of the recent attack on Google and other companies in a blog post this afternoon. A “zero-day” bug–a previously undiscovered vulnerability–in Microsoft’s Internet Explorer browser seems to have been a key part of the attack.

The attack on Google’s infrastructure, which Kurtz calls “Operation Aurora,” was able to steal some of the Web giant’s intellectual property, apparently in the process of pursuing access to the e-mail accounts of Chinese human-rights activists. Google has said that the same attack hit at least 20 other large companies.

Yesterday, I reported that the attackers likely used social engineering techniques to get into Google’s infrastructure, and Kurtz’s post confirms this–attackers tricked company employees into clicking malicious links in an e-mail. But once those links were clicked, they activated malware that exploited Internet Explorer.

Kurtz writes:

Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7. … While we have identified the Internet Explorer vulnerability as one of the vectors of attack in this incident, many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios. So there very well may be other attack vectors that are not known to us at this time. That said, contrary to some reports our findings to date have not shown a vulnerability in Adobe Reader being a factor in these attacks.

Kurtz doesn’t specify which of the affected companies were infiltrated through the bug in Internet Explorer, but I’m hoping Google wasn’t one of them. Wouldn’t Google’s employees have been using its own Chrome browser?

Microsoft is expected to release more information at this location.

Deep Dive

Uncategorized

Our best illustrations of 2022

Our artists’ thought-provoking, playful creations bring our stories to life, often saying more with an image than words ever could.

How CRISPR is making farmed animals bigger, stronger, and healthier

These gene-edited fish, pigs, and other animals could soon be on the menu.

The Download: the Saudi sci-fi megacity, and sleeping babies’ brains

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. These exclusive satellite images show Saudi Arabia’s sci-fi megacity is well underway In early 2021, Crown Prince Mohammed bin Salman of Saudi Arabia announced The Line: a “civilizational revolution” that would house up…

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.