
HBGary emails out Morgan Stanley as Aurora victim

Chinese hackers that attacked systems at Google and Adobe also infiltrated global financial services firm Morgan Stanley, according to internal emails stolen from HBGary, a security firm that was working with the bank.

In the emails, made public earlier this month by the activist hacker group Anonymous following a vengeful hack, an HBGary researcher said Morgan Stanley provided him details of the attack but asked that the information be kept secret.

The financial institution was one of those targeted in a series of coordinated attacks that have been dubbed “Operation Aurora.” Bloomberg News first reported this story on Monday.

“They were hit hard by the real Aurora attacks (not the crap in the news),” Phil Wallisch, senior security engineer at HBGary, wrote in a June 4 email to HBGary President Penny Leavy-Hoglund.

The attacks leveraged a previously unknown vulnerability in Internet Explorer to compromise systems at Google, Adobe and dozens of other companies. Morgan Stanley is the first financial institution to be identified as a victim.

“They have given me access to a very sensitive report on their Aurora experience,” Wallisch wrote in a May 10 email to Leavy-Hoglund.

In the same email, Wallisch said Morgan Stanley requested that he not share the information with anyone.  

In a statement sent to SCMagazineUS.com on Tuesday, Morgan Stanley said the incident occurred more than a year ago and the bank has notified regulators, law enforcement and a “handful” of clients who may have been affected.

“Morgan Stanley invests significantly in IT security and manages a robust program to deal with malware and attempted computer compromises,” the statement said. “Like any other company in our industry, we deal with these matters in the normal course of conducting business.”

Dmitri Alperovitch, vice president of threat research at McAfee, told SCMagazineUS.com on Tuesday that Operation Aurora-style attacks happen on a daily basis and target a range of industries, but most are never disclosed publicly.

“Most major global companies have come under these persistent and targeted attacks over the last few years and many have been successfully compromised,” Alperovitch said.

Operation Aurora is unique, he said, because of all the details that have emerged about the attacks.

Last January, Google disclosed that its systems were compromised to steal intellectual property on behalf of Chinese hackers. Adobe, Juniper Networks and Rackspace have also confirmed that their systems were targeted in the attacks. According to reports, Yahoo, Symantec, Northrop Grumman and Dow Chemical also were among the victims.

HBGary's internal emails, which out Morgan Stanley as a victim, were stolen last month by Anonymous after Aaron Barr, CEO of HBGary Federal, a sister firm to HBGary, told the Financial Times he planned to reveal his research around the activist collective at an upcoming security conference.

He never did. Barr has since resigned so he could repair his reputation.
