Operation Aurora
Date of report
  • January 2010
Operation Aurora was a series of cyberattacks from China that targeted U.S. private sector companies in 2010. The threat actors conducted a phishing campaign that compromised the networks of Yahoo, Adobe, Dow Chemical, Morgan Stanley, Google, and more than two dozen other companies to steal their trade secrets. Google was the only company that confirmed it was a victim and disclosed to the public that the Gmail accounts of certain Chinese human rights activists had been compromised. Google also publicly attributed the incident to China, something companies were reluctant to do for fear of jeopardizing their access to the Chinese market.
The incident is viewed as a milestone in the recent history of cyber operations because it raised the profile of cyber operations as a tool for industrial espionage. It led Google to cease its operations in China, though it continues to operate a localized version of its search engine in Hong Kong. As a result of the Gmail compromise, Google began notifying users if it believed their accounts had been targeted or compromised by a state-sponsored actor. This practice later spread to other email providers.
Suspected victims
  • Google
  • Rackspace
  • Northrop Grumman
  • Adobe
  • Yahoo
  • Morgan Stanley
  • Juniper Networks
  • Symantec
  • Dow Chemical
Suspected state sponsor
  • China
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Yes
Policy response
Suspected state sponsor response