At least 40 companies including Apple Inc., Facebook Inc. and Twitter Inc. were targeted in malware attacks linked to an Eastern European gang of hackers that is trying to steal company secrets, two people familiar with the matter said.
Apple, one of three victims to publicly disclose attacks this month, said some of its internal Mac systems were affected by a malware attack. The hackers used an iPhone-developer website, according to the people, who are familiar with law enforcement efforts, including investigations by the FBI and Secret Service, and who didn’t want to be identified because of the probe.
“We identified a small number of systems within Apple that were infected and isolated them from our network,” Cupertino, California-based Apple said yesterday in a statement. “There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
The attack is part of the same series of invasions that also led to recently disclosed breaches at Facebook and Twitter, according to investigators working with the companies. Apple was the first to discover the attack, one of the people said.
The hackers appear to be seeking company secrets, research and intellectual property they can sell underground, the people familiar with the matter said. While such attacks have previously been associated with China, sophisticated criminals in other countries have now successfully hacked corporate networks.
Facebook said last week that it was subjected to a “sophisticated attack” by hackers who took advantage of weaknesses in a mobile-developer website. Apple said its computers were infected in a similar manner, though it didn’t name Facebook or any other affected companies.
Twitter, the microblogging site with more than 200 million active users, said this month that it detected unauthorized attempts to hack into its systems and that attackers may have obtained access to information for about 250,000 people. It said the perpetrators were “extremely sophisticated.”
Information from the social media sites could be used to target employees of other companies, the investigators said.
Employees at the companies were first infected when they visited the iPhone developers site iphonedevsdk.com, which the hackers had infiltrated and used to implant malware via a security flaw in the victims’ browsers. Bedford, Massachusetts-based RSA Security Inc. has dubbed the tactic a “waterhole” attack, because victims are attracted to the source of the infection like animals attracted to a waterhole on the savanna.
In this case, the website was probably visited by software developers and other employees of technology companies, which would present attractive targets to hackers, according to Anup Ghosh, founder of the security firm Invincea Inc. The hackers, who don’t know ahead of time exactly who will be infected, then use those initial infections to burrow deeper into networks of companies that might have valuable data, Ghosh said.
Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine. Other evidence, including the malware used in the attack, also suggests it is the work of cyber criminals rather than state-sponsored espionage from China, two people familiar with the investigation said.
The New York Times Co. reported Jan. 30 that its computer network was hacked repeatedly by attackers in China. For four months, the newspaper’s computer systems were infiltrated and Chinese hackers accessed some passwords for its reporters and other employees, the publisher said.
The Wall Street Journal also outlined similar attacks on its systems, while Bloomberg LP, the parent of Bloomberg News, said there have been unsuccessful attempts to infiltrate its network.