If I were a Chinese hacker, wouldn't the file paths on my development machine have non-English (Unicode) characters? I'm sure some readers of this blog would know -- if you develop software in a Chinese language environment, do you use English words or Chinese characters for path and directory names?
Of course, it's possible the attackers just bought the malware from a black hat developer somewhere or have deliberately obfuscated the origin of their code. We need some more forensic information...
McAfee Security Insights Blog: ... the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and click a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.
Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company. ...
Operation “Aurora”
I am sure you are wondering about the name “Aurora.” Based on our analysis, “Aurora” was part of the filepath on the attacker’s machine that was included in two of the malware binaries that we have confirmed are associated with the attack. That filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer. We believe the name was the internal name the attacker(s) gave to this operation. ...
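The compiler-inserted debug path described above can be read back out of a binary during triage. The sketch below is an added example, not code from this post or from McAfee: it scans a byte blob for CodeView "RSDS" records, extracts the embedded PDB path, and flags non-ASCII directory names, which is the question raised at the top of this post. The sample bytes and both paths are constructed for the demo, and the UTF-8-then-Latin-1 decoding is an assumption, since older linkers wrote the path in the build machine's local code page.

```python
import re
import struct
import uuid

# CodeView "RSDS" record layout: 4-byte signature, 16-byte GUID,
# 4-byte little-endian age, then a NUL-terminated PDB path.
RSDS = re.compile(rb"RSDS(.{16})(.{4})([^\x00]{1,260})\x00", re.DOTALL)


def find_pdb_paths(data: bytes):
    """Signature-scan a binary and return one dict per RSDS record found."""
    results = []
    for m in RSDS.finditer(data):
        raw = m.group(3)
        try:
            path = raw.decode("utf-8")
        except UnicodeDecodeError:
            # Assumption: fall back to a lossless byte-to-char mapping so the
            # analyst still sees that high (non-ASCII) bytes were present.
            path = raw.decode("latin-1")
        results.append({
            "guid": str(uuid.UUID(bytes_le=m.group(1))),
            "age": struct.unpack("<I", m.group(2))[0],
            "path": path,
            "non_ascii": any(ord(c) > 127 for c in path),
            # Directory components only; these often carry project names.
            "dirs": [p for p in re.split(r"[\\/]", path)[:-1] if p],
        })
    return results


def make_rsds(path: str, age: int) -> bytes:
    """Build a constructed RSDS record (demo input only)."""
    return (b"RSDS" + uuid.UUID(int=age).bytes_le
            + struct.pack("<I", age) + path.encode("utf-8") + b"\x00")


# Constructed sample: two fake debug records embedded in filler bytes.
SAMPLE = (b"MZ" + b"\x00" * 64
          + make_rsds(r"C:\build\ProjectX\Release\sample.pdb", 1)
          + b"\x90" * 32
          + make_rsds("D:\\项目\\测试\\demo.pdb", 2))

if __name__ == "__main__":
    for rec in find_pdb_paths(SAMPLE):
        print(rec)
```

A signature scan can produce false hits on arbitrary data; walking the PE debug directory is the stricter approach when the file parses cleanly.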