Juniper, Symantec investigating widespread cyber espionage

Adobe, Yahoo, and many large Fortune 500 companies were hit by a sophisticated cyber attack first discovered by Google

Juniper Networks and Symantec said Thursday that they were investigating a widespread cyber-espionage incident that has hit dozens of technology companies, including Google and Adobe.

Sources familiar with the situation say that 34 companies, most of them large Fortune 500 names, were hit by a sophisticated cyber attack, first uncovered by Google last month. The attackers used a previously unknown "zero-day" attack on Internet Explorer, and possibly other techniques, to break into company networks and steal sensitive information.

[ Microsoft will patch the zero-day bug used in the hack of Google's networks. | The alleged China attacks could shape U.S. cybersecurity policy. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

The Washington Post reports that Yahoo, Dow Chemical, and Northrop Grumman were also attacked.

Juniper and Symantec both acknowledged that they were investigating incidents, but stopped short of saying they had been hacked or of providing any details.

"As the world's largest security provider, we are the target of cyber attacks on a regular basis. As we do with all threats, we are thoroughly investigating this one to ensure we are providing appropriate protection to our customers," Symantec said in a statement.

"Juniper Networks recently became aware of, and is currently investigating, a cyber security incident involving a sophisticated and targeted attack against a number of companies," a company spokeswoman said in an e-mail message. "We take these incidents seriously and as with any investigation of this nature, we do not disclose details."

Although IT administrators have long cited China as the source of many cyber attacks, it is extremely difficult to say whether this malicious traffic is actually originating in China or merely passing through. The fact that Google seems to think that China is behind the attacks -- a strong enough conviction that it has threatened to stop doing business in China -- is exceptional, however.

Google discovered a command and control server being used to send instructions to hacked machines, and was able to notify and identify other victims based on that information. According to Google the companies that were targeted include the Internet, finance, technology, media and chemical businesses.

The search engine company may suspect Chinese government sponsorship of the attacks, but the company's chief legal counsel David Drummond told U.S. National Public Radio Thursday that the company doesn't have definitive evidence that the Chinese government was involved.

Human rights groups, government agencies and defense contractors have been targeted by this type of attack in the past, but the fact that so many major international companies could be hit is a wake-up call to U.S. businesses.

"It shows that even the biggest and the most sophisticated companies will always come in second place when they're matched with a big foreign intelligence service," said James Lewis a director with the Center for Strategic and International Studies.

Northorp Grumman said it does not comment on specific attacks. "Northrop Grumman, like most industries and government organizations, is at risk of cyber attacks ranging from the most complex to the simple hacker," a company spokeswoman said via e-mail.

Yahoo wouldn't say whether it had been hit. Dow Chemical could not be reached immediately for comment.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies