Google outage a throw back to the sponsored hackers in China: Operation Aurora

December 22, 2020
google outage operation aurora DDOS china

A few days passed; the cyber community again experienced another worldwide Distributed-Denial-of-Service (DDoS) that hits one of the tech giant service providers. With billions of users, Google has been struck by such attacks that led to most of its services – Gmail, Calendar, and Youtube have been inaccessible for a few hours.

Based on the initial investigation, the issue was confirmed with the login tools of Google. As the platform uses a single-sign-on feature to access all its services, the rupture of the verification process caused the sitewide service unavailability. Later, it is suspected by some users that this could have been an orchestrated state-sponsored attack.

Tracing back a similar attack that originated from China, Google has experienced it first in 2009 and was known to the public in their blog that was released in 2010, hereon after tagged as ‘Operation Aurora’ – based on the computer and files used on the operation. The attack was said to be rooted in the internet search Censorship laws in China that Google declined to adhere to after a high-ranking official in China found unfiltered results criticizing the said official. In response, the Chinese government retaliated through its specialized agency that commences the intrusion and then led to multiple discoveries that include the banning of Google in Mainland China via the Chinese – ‘Great Firewall’.

An in-depth investigation confirmed that the attack includes cyberespionage to exfiltrate Gmail accounts of known Chinese Human Rights advocates for them to monitor its activity. The intrusion led again to another discovery that it also aims to exfiltrate sensitive information such as identifying Chinese Nationals that are on the watchlist of US government authorities in which legal wiretappings has been issued. Also, investigators can see evidence of monitoring and exfiltration activity on 34 prominent companies like Symantec, Yahoo, Adobe, etc.

To date, Google experienced a lot of cyberattacks that they were able to properly manage. Still, the significant impact so far was the attack that happened in 2017 that again linked to the Chinese government operation. The perpetrators used a simultaneous attack that led to Google server traffic overload, which is still considered as the most extensive DDoS intrusion with a massive 2.54Tbps.


The recent attack is still in the constant investigation as Google confirmed that they lost intellectual property from it and an addition to Operation Aurora.


Cybersecurity experts worry as though Google did not disclose the magnitude of the stolen data, with billions of its users, getting hold of Gmail credentials and email contents can lead to massive damage to the community. This is in addition to the current dreaded situation of rising statistics of DDoS attacks that are targeting many internet technology service providers. Hence, this is another wake-up call for the cybercommunity to be more cautious and scrutinized everything that is received or published on the internet.

About the author

Leave a Reply