Microsoft said in a blog on Friday that it too has suffered a "security intrusion" similar to what has been reported by Facebook and Apple. Like the other victims, the Redmond company said that it waited to make a full public disclosure until its initial information gathering process was complete.
"During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations," said Matt Thomlinson, general manager of Microsoft's Trustworthy Computing division. "We have no evidence of customer data being affected and our investigation is ongoing."
Recently both Facebook and Apple released reports stating that company employees visited an infected web site for software developers. The lurking malware reportedly took advantage of a zero-day vulnerability in the Java plug-in for browsers. For Apple and Facebook, only a handful of computers were compromised, but the infection itself has affected hundreds of companies.
"This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries," Thomlinson said. "We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks."
As previously reported, the attacks on Facebook, Apple, and others seemed unrelated to the hacks on The New York Times, The Wall Street Journal and The Washington Post which pointed a finger at China. The news agencies claimed their networks were directly infiltrated while Apple and others said their employees acquired malware through a highly-used website. Thus from the outside, these two attacks appear to be separate.
Last week a report surfaced citing two unnamed people close to the ongoing investigation regarding the Facebook and Apple group. They claim that an Eastern European gang of hackers planted malware on a website for iPhone developers. At least one server being used by this group – possibly based out of Russia -- is located in the Ukraine.
Security firm RSA labels this method of attack as a "watering hole", a new form of attack where a hacker intentionally infiltrates a company's network by infecting a website commonly used by its employees. In this case, it was iphonedevsdk.com which may still be infected. It's believed companies like Facebook, Apple – maybe even Twitter and Microsoft – visited this website while working on their mobile apps for iOS. That would explain why both the PC and Mac platforms were violated simultaneously and so easily.
"The methodology relies on 'trojanizing' legitimate websites specific to a geographic area which the attacker believes will be visited by end users who belong to the organization they wish to penetrate," the company said. "This results in a wholesale compromise of multiple hosts inside a corporate network as the end-users go about their daily business, much like a lion will lie in wait to ambush prey at a watering hole."
Unlike the alleged Chinese hacks which are state-sponsored and for the government's own gain, this gang of hackers is looking to acquire company secrets, research, intellectual property and more that can be sold on the black market to the highest bidder. Investigators also claim that the hackers are trying to steal social website information in order to specifically target employees of "technology-rich" companies like Microsoft and Apple.
Microsoft is one of a few that has gone public with reports of a hacking attempt that spans hundreds. Twitter, which described an attack similar to the Wall Street Journal, even admitted in early February that attacks may have gained the information of around 250,000 users.
