Operation Aurora

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group, based in Beijing, China, with ties to the People's Liberation Army.

[3] The attack was directed at dozens of other organizations, of which Adobe Systems,[4] Akamai Technologies,[5] Juniper Networks,[6] and Rackspace[7] have confirmed publicly that they were targeted.

[11] According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high-technology, security, and defense contractor companies.

"No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways—much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting.

[16] Technical evidence, including IP addresses, domain names, malware signatures, and other factors, shows Elderwood was behind the Operation Aurora attack.

[17] Elderwood also targeted numerous other companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors.

After that, the group searches inside the network to which the infected computer is connected, finding and then downloading executives' e-mails and critical documents on company plans, decisions, acquisitions, and product designs.

[27] According to The Guardian's reporting on the leak, the attacks were "orchestrated by a senior member of the Politburo who typed his own name into the global version of the search engine and found articles criticising him personally".

[3] The German, Australian, and French governments publicly issued warnings to users of Internet Explorer after the attack, advising them to use alternative browsers at least until a fix for the security breach was made.

[35] The Internet Explorer exploit code used in the attack has been released into the public domain, and has been incorporated into the Metasploit Framework penetration testing program.

A copy of the exploit was uploaded to Wepawet, a service for detecting and analyzing web-based malware operated by the computer security group at the University of California, Santa Barbara.

[36] Security company Websense said it identified "limited public use" of the unpatched IE vulnerability in attacks against users who strayed onto malicious Web sites.

[39] Researchers have created attack code that exploits the vulnerability in Internet Explorer 7 (IE7) and IE8—even when Microsoft's recommended defensive measure (Data Execution Prevention (DEP)) is activated.

[22] Work on an update was prioritized[41] and on Thursday, January 21, 2010, Microsoft released a security patch intended to counter this weakness, the published exploits based on it and a number of other privately reported vulnerabilities.

HBGary, a security company, released a report in which they claimed to have found some significant markers that might help identify the code developer.

Flowers left outside Google China's headquarters after its announcement it might leave the country.