As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals.

A McAfee statement said in Bangalore on Friday that it suspects these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That's when the exploitation takes place, using the vulnerability in Microsoft's Internet Explorer. Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system.

Operation "Aurora"

Based on McAfee's analysis, "Aurora" was part of the filepath on the attacker's machine that was included in two of the malware binaries that McAfee researchers have confirmed are associated with the attack. That filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer.

How were systems compromised?

When a user manually loaded/navigated to a malicious web page from a vulnerable Microsoft Windows system, JavaScript code exploited a zero-day vulnerability in Internet Explorer.

How wide-spread is this attack?