More details emerge on Google hack
Attack could be linked to similar incident last year involving around 100 Silicon Valley firms, says iDefense.
More details have emerged on the Google hack which has prompted the firm to threaten to pull out of China, including evidence linking the attack to a similar hack on 100 Silicon Valley firms last year, and the possibility that Adobe's corporate network has also been hacked by China.
Google's chief legal officer, David Drummond, explained in a blog posting yesterday that the firm and at least 20 other companies had been the subject of a "highly sophisticated and targeted attack".
Advertisement
The ultimate goal of the attack on Google's systems, according to Drummond, was to access the Gmail accounts of Chinese human rights activists.
Although the blog posting falls short of accusing the Chinese government outright, VeriSign's iDefense managed security services arm has confirmed that state-sponsored parties were to blame.
"Two independent, anonymous iDefense sources in the defence contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," said an iDefense statement.
IDefense, which undertakes intelligence work with many government and Fortune 500 clients, goes on to say that the attack has similar characteristics to an email-based attack in July last year which targeted around 100 Silicon Valley firms.
Despite code samples for both being different, "they contact two similar hosts for command-and-control communication", the firm said.
The servers used in both attacks point to IP addresses owned by the same US-based hosting company, Linode, and are just six IP addresses apart from each other, according to iDefense.
"Considering this proximity, it is possible that the two attacks are one and the same, and that the organisations targeted in the Silicon Valley attacks have been compromised since July," the firm added.
There have also been rumours that Adobe has been targeted by state-sponsored Chinese hackers after stating in a blog post that it became aware two weeks ago of "a co-ordinated attack against corporate network systems managed by Adobe and other companies".
"We are currently in contact with other companies and are investigating the incident," noted the posting.
"At this time, we have no evidence to indicate that any sensitive information, including customer, financial, employee or any other sensitive data, has been compromised. We anticipate that the full investigation will take quite some time to complete."
An Adobe spokeswoman said that the company had no additional comment to make.
Mikko Hyppönen, chief research officer at security vendor F-Secure, speculated on the firm's blog that somebody may have been "trying to gain access to [Adobe's] development systems in order to find out new vulnerabilities for future attacks".
Adobe yesterday fixed a zero-day flaw in its Acrobat and Reader software which has been actively exploited in the wild over the past month or so, although there is no hard evidence yet to suggest that this flaw was exploited as part of the Google attack.
source
More details have emerged on the Google hack which has prompted the firm to threaten to pull out of China, including evidence linking the attack to a similar hack on 100 Silicon Valley firms last year, and the possibility that Adobe's corporate network has also been hacked by China.
Google's chief legal officer, David Drummond, explained in a blog posting yesterday that the firm and at least 20 other companies had been the subject of a "highly sophisticated and targeted attack".
Advertisement
The ultimate goal of the attack on Google's systems, according to Drummond, was to access the Gmail accounts of Chinese human rights activists.
Although the blog posting falls short of accusing the Chinese government outright, VeriSign's iDefense managed security services arm has confirmed that state-sponsored parties were to blame.
"Two independent, anonymous iDefense sources in the defence contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," said an iDefense statement.
IDefense, which undertakes intelligence work with many government and Fortune 500 clients, goes on to say that the attack has similar characteristics to an email-based attack in July last year which targeted around 100 Silicon Valley firms.
Despite code samples for both being different, "they contact two similar hosts for command-and-control communication", the firm said.
The servers used in both attacks point to IP addresses owned by the same US-based hosting company, Linode, and are just six IP addresses apart from each other, according to iDefense.
"Considering this proximity, it is possible that the two attacks are one and the same, and that the organisations targeted in the Silicon Valley attacks have been compromised since July," the firm added.
There have also been rumours that Adobe has been targeted by state-sponsored Chinese hackers after stating in a blog post that it became aware two weeks ago of "a co-ordinated attack against corporate network systems managed by Adobe and other companies".
"We are currently in contact with other companies and are investigating the incident," noted the posting.
"At this time, we have no evidence to indicate that any sensitive information, including customer, financial, employee or any other sensitive data, has been compromised. We anticipate that the full investigation will take quite some time to complete."
An Adobe spokeswoman said that the company had no additional comment to make.
Mikko Hyppönen, chief research officer at security vendor F-Secure, speculated on the firm's blog that somebody may have been "trying to gain access to [Adobe's] development systems in order to find out new vulnerabilities for future attacks".
Adobe yesterday fixed a zero-day flaw in its Acrobat and Reader software which has been actively exploited in the wild over the past month or so, although there is no hard evidence yet to suggest that this flaw was exploited as part of the Google attack.
source
No comments: