Adobe confirms it was also hit in 'Operation Aurora' Google hack

Filed Under: Adobe, Data loss, Google, Malware, PDF

At almost the same time as Google was telling the world that attacks it believed to have originated from China had targeted its systems, Adobe made a brief statement saying that it too had been on the receiving end of a "sophisticated, co-ordinated attack".

Adobe attack statement

Presently it is not believed that any customer, financial, employee or any other sensitive data was compromised during the attack, which Adobe became aware of on January 2nd.

According to the company - which makes the ubiquitous PDF reader and Flash plug-in software used by many millions of computers around the world - other unnamed companies were also affected by the attack, which has been dubbed "Operation Aurora" by security experts.

There has been some confusion (documented by Brian Krebs on his blog) about whether the Adobe attack was connected with the targeted attack on Google that has made front page headlines around the globe.

Initially, Adobe's spokesperson Wiebke Lips told Krebs that it was "just a bad coincidence" that news of the Google and Adobe attacks came out on the same day.

However, the charmingly-monikered Ms Lips subsequently did an about-face telling ComputerWorld that the incidents were related after all.

Speculation is sure to grow in the computer security community that the attackers were using boobytrapped PDF files that exploited unpatched zero-day vulnerabilities in Adobe Reader to gain control over corporate computers.

, , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.