By Kim Zetter
January 13, 2010
A hack attack that targeted Google in December also hit 33 other
companies, including financial institutions and defense contractors, and
was aimed at stealing source code from the companies, say security
researchers at iDefense.
The hackers used a zero-day vulnerability in Adobe Reader to deliver
malware to many of the companies and were in some cases successful at
siphoning the source code they sought, according to a statement
distributed Tuesday by iDefense, a division of VeriSign. The attack was
similar to one that targeted other companies last July, the company
A spokeswoman for iDefense wouldn't name any of the other companies that
were targeted in the recent attack, except Adobe.
Adobe acknowledged Tuesday in a blog post that it discovered Jan. 2 that
it had been the target of a "sophisticated, coordinated attack against
corporate network systems managed by Adobe and other companies."
The company didn.t say whether it was a victim of the same attack that
struck Google. But Adobe.s announcement came just minutes after Google
revealed that it had been the target of a "highly sophisticated" hack
attack originating in China in December.
Neither Google nor Adobe provided details about how the hacks occurred.
Google said only that the hackers were able to steal unspecified
intellectual property from it, and that they had focused their attack on
obtaining access to the Gmail accounts of human rights activists who
were involved in China rights issues.
But according to iDefense, whose customers include some of the 33
companies that were hacked, the attacks were well targeted and
"unusually sophisticated" and aimed at grabbing source code from several
hi-tech companies based in Silicon Valley as well as financial
institutions and defense contractors.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News