After Facebook came forward last week and admitted that it had been hacked through a zero-day exploit in Java, Apple also admitted this week that it too was recently attacked. The company said that, like Facebook's engineers, its own Mac-using employees visited a website for software developers that was laced with the same malware, only modified for Mac OS X.
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," the iPhone maker stated. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple."
Apple acknowledged that other companies outside Facebook and Apple have been attacked by the same malicious software, and that it is working closely with law enforcement officials to determine the source. Meanwhile, Reuters reports that a person "briefed on the investigation" said that hundreds of companies, including defense contractors, have been infected with the same malware.
According to the report, this was the biggest cyber attack to date on businesses running Mac computers. Typically, hackers focus on the Windows platform because (1) it has a larger base of users, (2) a good chunk are still running Windows XP, and (3) many users tend to neglect their updates. But hackers have focused on the Mac platform more over the last few years than ever before because of Apple's market share gain on Microsoft.
"This is the first really big attack on Macs," said the source. "Apple has more on its hands than the attack on itself."
Despite many reports covering the topic, Apple and Facebook have not pointed the finger at China – that was The Wall Street Journal and The New York Times. However, cyber-security specialist Mandiant actually blamed the Chinese government in a report released on Monday, offering evidence that leads back to China’s 2nd Bureau of the People’s Liberation Army General Staff Department’s 3rd Department. Naturally, Beijing has denied the claims.
According to Mandiant's report, the attacks have been underway since 2006, stealing hundreds of terabytes of data from at least 141 organizations, 115 of which reside within the United States. Twenty different industrial sectors have been targeted, the report said, ranging from energy and aerospace to transportation and financial institutions.
What's more, the security firm claims to have tracked down the hackers to a 12-story office building in Shanghai. "Once [Unit 61398] has established access [to a target network], they periodically revisit the victim's network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations' leadership," the report claims.
Following Mandiant's disclosure, White House spokesman Jay Carney told reporters that the Obama administration has "repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials including in the military and we will continue to do so."
Regardless of who is behind the hacks, Apple said on Tuesday that it plans to release an updated Java malware removal tool that will check Mac systems and remove the pesky malware, if detected.