Cyber attacks on Apple believed to stem from Eastern Europe, not China
While earlier reports suggested hackers who targeted Apple emanated from China, investigators now believe the criminals are instead based out of Eastern Europe.
The attacks on Apple, Facebook, Twitter and others are now linked to "an Eastern European gang of hackers that is trying to steal company secrets," according to Bloomberg, citing unnamed people familiar with an ongoing investigation.
"Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine," the report said. "Other evidence, including the malware used in the attack, also suggest it is the work of cyber criminals rather than state-sponsored espionage from China, two people familiar with the investigation said."
An earlier report from The New York Times had instead linked recent attacks on companies like Facebook to the Chinese Army. It claimed that there was "little doubt" that an "overwhelming percentage of attacks on American corporations, organizations and government agencies" originate from a People's Liberation Army group known as "Unit 61398" based out of the outskirts of Shanghai.
Apple announced on Wednesday that some of its employees' laptops had been infected through a vulnerability in the Java plug-in for browsers. The company revealed that the same malware was used against a number of companies, but did not indicate what country the attacks may have originated from.
"We identified a small number of systems within Apple that were infected and isolated them from our network," the company said in a statement. "There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware."
The attacks are believed to have occurred through an iPhone developer community website that was hosting malware. It's believed that the infected code made its way onto the computers of Apple, Facebook, Twitter and other companies utilizing a Java zero-day flaw.
The method used by the criminals is a so-called "watering hole attack," in which hackers compromise a popular website that many people visit and trust.
Apple on Tuesday pushed out an update for all OS X users that patches the exploit, and also removes the Java Web applet.
The attacks on Apple, Facebook, Twitter and others are now linked to "an Eastern European gang of hackers that is trying to steal company secrets," according to Bloomberg, citing unnamed people familiar with an ongoing investigation.
"Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine," the report said. "Other evidence, including the malware used in the attack, also suggest it is the work of cyber criminals rather than state-sponsored espionage from China, two people familiar with the investigation said."
An earlier report from The New York Times had instead linked recent attacks on companies like Facebook to the Chinese Army. It claimed that there was "little doubt" that an "overwhelming percentage of attacks on American corporations, organizations and government agencies" originate from a People's Liberation Army group known as "Unit 61398" based out of the outskirts of Shanghai.
Apple announced on Wednesday that some of its employees' laptops had been infected through a vulnerability in the Java plug-in for browsers. The company revealed that the same malware was used against a number of companies, but did not indicate what country the attacks may have originated from.
"We identified a small number of systems within Apple that were infected and isolated them from our network," the company said in a statement. "There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware."
The attacks are believed to have occurred through an iPhone developer community website that was hosting malware. It's believed that the infected code made its way onto the computers of Apple, Facebook, Twitter and other companies utilizing a Java zero-day flaw.
The method used by the criminals is a so-called "watering hole attack," in which hackers compromise a popular website that many people visit and trust.
Apple on Tuesday pushed out an update for all OS X users that patches the exploit, and also removes the Java Web applet.
Comments
Hmm... so here's my thought...
Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are.
Quote:
Originally Posted by Blastdoor
Hmm... so here's my thought...
Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are.
"Going after"
"These people would be done"
LOL!
Hackers have messed with Google, Apple, Facebook, Oracle, the US government (the list goes on) and still they cannot be rooted out. $100M would change this?
Just what are you dreaming about here? Are you one of those GOP politicians who thought Iraq and Afghanistan would be simple wars to be easily won in the face of the US military might? Have you watched too many movies?
And what do you mean by "done"? Apple is going to send out drones?
Quote:
Originally Posted by Blastdoor
Hmm... so here's my thought...
Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are.
You have a great point....Apple has the funds to hire a cyber-army that could track and take these guys down. But once they engage in that activity. They will become the high profile target of every hacker and hacking group on the globe. Imagine the instant notoriety and bragging rights of hacking Apple. I don't think Apple wants this type of presence.
Quote:
Originally Posted by stelligent
What will all those who dumped on China say now?
What because an "unnamed" source said different?
What will all those who dumped on China say now?
OK, I will take the bait. If true, this doesn't negate the report from the security company dealing with the hacking of the New York Times. It also doesn't negate the Wiki Leaks from the State Department blaming China for the hacking of Google. Just because China might not be guilty of this particular hack, means very little.Can't do that. They have wasted all the drones bombing China.
Quote:
Originally Posted by TBell
OK, I will take the bait. If true, this doesn't negate the report from the security company dealing with the hacking of the New York Times. It also doesn't negate the Wiki Leaks from the State Department blaming China for the hacking of Google. Just because China might not be guilty of this particular hack, means very little.I agree with you there has been enough proof that our president has even started to identify China as the source of a ton of cyber attacks against US companies and infrastructure. This is serious stuff....
Sounds like you don't think he has a great point.
Originally Posted by geekdad
Imagine the instant notoriety and bragging rights of hacking Apple.
It's almost as though this isn't already the case.
Quote:
Originally Posted by ankleskater
Sounds like you don't think he has a great point.
no...he has a point Apple could hire an cyber army and track these guys down and make life extremely hard for them. That was his point. It is valid. But the side effects of that action would be extreme retaliation of the hacking community. Apple could not withstand that type of effort. It would interrupt business and cause them extreme harm in the long run. the best approach is what they are no doubt already doing. gather as much information as they can. Protect themselves as best they can. Turnover all information to our govenment and the agencies that exist to counter this type of effort.
Quote:
Originally Posted by Tallest Skil
It's almost as though this isn't already the case.
Not yet....imagine the bragging rights of taking down apple.com.........Or posting online Apple sales figures.....or posting online any type pf private information gathered from a real serious security breach and compromise.......
Quote:
Originally Posted by Blastdoor
Apple can and should make it clear to these folks that you don't F with Apple. $100 million (or even $1 billion) is a rounding error for Apple, but if Apple were to spend that amount of money going after these people, these people would be done, regardless of who they are.
Apple should leave the policing to the police. Focus on improving their systems so these kind of attacks and attack attempts go no where for Apple users so we have secure systems to work on.
Quote:
Originally Posted by TBell
OK, I will take the bait. If true, this doesn't negate the report from the security company dealing with the hacking of the New York Times. It also doesn't negate the Wiki Leaks from the State Department blaming China for the hacking of Google. Just because China might not be guilty of this particular hack, means very little.Not to mention that Bloomberg isn't exactly the fount of accurate reporting when it comes to tech things' particularly Apple. Who knows if their information is correct or complete. The attack might have come via an Eastern Europe IP but who knows if that was the first point or just a hop on a train of connections to hide the truth.
So much for GG's claims that Apple must have lost data because the PLA hackers always took data.
I believe a good many politicians signed off on the Iraq and Afghanistan debacles regardless of political affiliation. Though I am surprised you didn't try to sneak in a Fox News reference as well. Never heard that one before.
Exactly. Because "socialism is bad" is the excuse for demonizing anyone. Sigh. Not much has changed in the world regarding differing government and market ideas. Frankly, China has done quite well by getting so much industry reliance installed there from the "most powerful and advanced nations of the world." War is obsolete when you can conquer by marketing and business. Well, obsolete to those that can accomplish dominance without firing a shot. There are a lot of insecure idiots just waiting for an excuse to start shooting. More.