Over 760 organisations are likely to have had their networks compromised by the same attackers who launched an advanced persistent threat to infiltrate the IT systems of RSA Security.
The revelations were made by security expert Brian Krebs in a blog post on Monday, and blow a hole in the wall of silence that followed the attacks.
Krebs listed over 760 organisations which “had networks that were compromised with some of the same resources” that hit RSA, including big tech firms Google, Novell, Qualcomm and Facebook.
He explained that the networks of the organisations on the list had “phoned home” to some of the same command and control infrastructure used in the RSA attack in March, which was initially believed to have been carried out in order to compromise the SecureID system and thus infiltrate US defence contractors.
The attacks may have been occurring as early as November 2010, said Krebs, although he did add that some of the firms on the list were probably not original targets, for example, ISPs.
“It is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims,” Krebs said.
“Finally, some of these organisations (there are several anti-virus firms mentioned) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.”
Nevertheless, it’s a fascinating snapshot into the scale of the attack and it may be telling that the vast majority of command and control networks used were located in the Beijing region.
Leave a Reply