Facebook and Apple have become the latest companies to reveal they had been the target of a “sophisticated cyber-attack” by hackers last month. Although security was breached both companies confirmed that they had found no evidence any user data had been compromised.
In a blog post on its website Facebook explained what it knew of the cyber-attack:
“Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack. The attack occurred when a handful of employees visited a mobile developer website that was compromised.”
“Malware was downloaded on to employees’ laptops. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day. We have no evidence that Facebook user data was compromised in this attack.”
“It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected,” Facebook said.
Facebook and Apple are not the only companies to have been affected by cyber-attack. Other high profile sites have also been targeted by sophisticated hackers. This year alone the New York Times, Washington Post and Wall Street Journal have all been targeted by hackers. Twitter has also come under fire when 250,000 user’s passwords, usernames, emails and other data were stolen. The micro-blogging platform has since fixed the problem and contacted those users whose data was compromised.
Apple confirmed that its computers were attacked by the same hackers who targeted Facebook. The iPhone-maker said a small number of its machines were affected, but added there was “no evidence” of data theft. Like Facebook and the other cyber-attack victims, Apple believes the cyber-attack can be traced back to China.
In a statement, the California-based technology firm said:
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.”
“We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
Mandiant, a US-based cyber security firm, claimed to have pinpointed a specific building in Shanghai that was being used to house one of the world’s “most prolific cyber espionage groups”. Mandiant said Unit 61398, part of the country’s People’s Liberation Army, was believed to have “systematically stolen hundreds of terabytes of data” from at least 141 organisations around the world. China, however, has denied these hacking allegations and questioned the validity of Mandiant’s report. Other cyber security experts have subsequently suggested that the attacks originated in Eastern Europe.
If your business needs help with security reviews, penetration testing or web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected].