David Paul Morris | Bloomberg “There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware,” Apple said in a statement.
Malware attack on Apple said to come from European gang
Security » Company says Macs at its offices were hacked, repeating pattern of other victims.
First Published Feb 19 2013 06:17 pm • Last Updated Feb 19 2013 10:36 pm

At least 40 companies, including Apple Inc., Facebook Inc. and Twitter Inc., were targeted in malware attacks reportedly linked to an Eastern European gang of hackers that is trying to steal company secrets.

Apple, one of three victims to publicly disclose attacks, said some of its internal Mac systems were affected. The hackers reportedly used an iPhone-developer website, according to investigations by law enforcement agencies.

"We identified a small number of systems within Apple that were infected and isolated them from our network," Apple said in a statement. "There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware."

The attack is part of the same series of invasions that also led to recently disclosed breaches at Facebook and Twitter, according to investigators working with the companies. The hackers appear to be seeking company secrets, research and intellectual property they can sell underground. Although such attacks have previously been associated with China, sophisticated criminals in other countries have now successfully hacked corporate networks.

Facebook said last week that it was subjected to a "sophisticated attack" by hackers who took advantage of weaknesses in a mobile-developer website. Apple said its computers were infected in a similar manner, although it didn’t name Facebook or any other affected companies.

Twitter, the microblogging site with more than 200 million active users, said this month that it detected unauthorized attempts to hack into its systems and that attackers may have obtained access to information for about 250,000 people. It said the perpetrators were "extremely sophisticated."

Information from the social media sites could be used to target employees of other companies, the investigators said.

Devices at the companies were first infected when users visited the iPhone developers site iphonedevsdk.com, which the hackers had infiltrated and used to implant malware via a security flaw in the victims’ browsers. RSA Security Inc. has dubbed the tactic a waterhole attack, because victims were attracted to the source of the infection like animals attracted to a waterhole on the savanna.

In this case, the website was probably visited by software developers and other employees of technology companies, which would present attractive targets to hackers, according to Anup Ghosh, founder of the security firm Invincea Inc. The hackers, who don’t know ahead of time exactly who will be infected, then use those initial infections to burrow deeper into networks of companies that might have valuable data, Ghosh said.

Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine. Other evidence, including the malware used in the attack, also suggests it is the work of cyber criminals rather than state-sponsored espionage from China.





Copyright 2014 The Salt Lake Tribune. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
