Two state-sponsored groups responsible for RSA breach
Posted on 12 October 2011.
Two distinct groups were behind the March attack against RSA's networks, said RSA president Tom Heiser, and they seem to have been directed in their efforts by a single nation-state.


Apparently, one group was very visible and one less so, but both have been known to the authorities for quite some time and this is the first time that they have been detected working together.

According to Computerworld, RSA's executives declined to say which country was behind the attack, justifying their decision by saying that they didn't want the attackers to know just how much the company knowns now about them.

But the hackers also knew a lot about the company - and knew exactly where and how to look and what they were after. RSA executive chairman Art Coviello still claims that the algorithm used in its SecurID tokens was not compromised, but said that the attackers did get their hands on "one piece of information that was important".

They also knew things that made their movements inside the system unnoticeable for a while: the company's use of Active Directory for authentication management inside the networks and its internal naming conventions for hosts.

They said that the attackers used advanced techniques and sophisticated malware, some of which was developed mere hours before being used. They cloaked the stolen information before exfiltrating it by using encryption and compression.

The executives still haven't confirmed or denied whether the email discovered in August by an F-Secure researcher was the one with which the attackers initiated their attack, but they did say that the culprit was a booby-trapped Excel spreadsheet that opened a backdoor through which they gained access to the company systems.

In the end, they confirmed that which the public already suspected: that the attack on RSA was executed with the goal of stealing information that would be later used to penetrate the systems of - according to them - one U.S. military contractor. In the end, though, they were unsuccessful.






Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //