Does the “Operation Aurora” Hack of Google and Other US Companies Change Cybersecurity?

I think that “Operation Aurora,” the hack in 2009 of Google and other companies apparently by the Chinese government is “seminal event” in the world of cybersec. The attackers apparently found their targets via social networks. They used e-mail with a URL. If the target went to the website using Internet Explorer 6 a zero-day vulnerability was used to plant a trojan. The trojan had a unique signature so it was not detected by anti-virus. The attackers were well organized. The message for me is a) if you have something of value, attackers will spend the time and effort to customize their attack, b) Google has some of the most sophisticated cybersec technology available but it was not able to spot a problem, and c) humans are the weakest link in the chain.

Here is a URL from a white paper on “advanced malware exposed” from FireEye which I hope has value for you. It has a good expose on Operation Aurora.