The attacks often focused on the companies' public-facing websites, which were attacked using methods such as SQL injection, where hackers try to get backend databases to reply to commands that should be blocked. SQL injection attacks can often return sensitive information or allow for different kinds of attacks.
Once a Web server had been compromised, the attackers would then upload programs such as remote administration tools (RATs). Those tools are often used by system administrators to fix computers from afar, as they allow complete access to a machine and let administrators see the system as if they were sitting right in front of it.
From there, the hackers would browse around other areas such as Active Directory, a Microsoft system used to provision network access to employees on corporate networks. They used password-cracking tools to get privileged access to other services on the network containing sensitive information such as market intelligence reports and information on operational production systems, Day said.
Send news tips and comments to firstname.lastname@example.org.