More Aurora victims revealed

Dozens of high-profile firms including GE and Johnson & Johnson are identified as victims of the Aurora attacks

Further evidence of the extent of the Aurora malware attacks has emerged, with Johnson & Johnson (J&J), Qinetic and General Electric joining the roster of high-profile victims.

According to Bloomberg, J&J, Qinetic and GE are among more than a dozen companies identified as potential victims of Aurora in leaked emails from security firm HBGary.

As Computing first revealed in February, those emails also confirmed that DuPont had been targeted by the gang behind Aurora.

The Aurora attacks first came to light in late 2009 after Chinese dissidents discovered their Gmail accounts had been broken into.

But it is increasingly clear that those behind the attacks were not just targeting political activists, but were engaged in prolonged industrial espionage.

One of the features of the Aurora attacks were spear-phishing emails sent to employees of the target companies. These emails contained malware that exploited a zero-day flaw in Microsoft’s Internet Explorer browser. Once activated, the malware was capable of taking control of the victims’ computer and siphoning off corporate secrets.

“Targeted malware is a rapidly growing tool for cyber criminals,” said John Pescatore, distinguished analyst, Gartner.

While it was known that Google and Adobe had been attacked, other victims had remained silent, until the details emerged in leaked emails.

The HBGary emails were posted online by hackers affiliated to online activist group Anonymous. They had hacked in to the company’s servers after the chief executive of an affiliate company, HBGary Federal, had threatened to reveal the identities of people he believed controlled Anonymous.