China-based hackers breached Morgan Stanley's network in 2009 in a "very sensitive" attack, according to leaked e-mails seen by Bloomberg.
The e-mails come from HBGary, a security firm working for Morgan Stanley, and reveal the bank was one of the victims of the Aurora attacks, which for around six months from mid-2009 targeted dozens of organisations, most famously Google.
The e-mails reveal Morgan Stanley was the only known financial institution to be hit but do not indicate what information was stolen, says Bloomberg.
"They were hit hard by the real Aurora attacks (not the crap in the news)," according to an e-mail from Phil Wallisch, a senior security engineer at HBGary who read the bank's internal report on the incident.
HBGary was hired in 2010 to deal with suspected network breaches unrelated to Aurora. The hackers implanted software to steal confidential files and internal communications, according to e-mails, says Bloomberg.
The e-mails have come to light after HBGary was itself hacked by the group Anonymous in retaliation for an interview given to the Financial Times by the company's COO Aaron Barr in which he claimed to have used clues on social networking sites to identify key members of the activist collective.
Other e-mails from the attack have already revealed the security company, along with two others, put together a document outlining a plan of attack on WikiLeaks for a law firm representing Bank of America.
Morgan Stanley Leak Shows Attack by China-Based Hackers Who Took On Google - Bloomberg