The hackers are likely based in Eastern Europe and Russia, not China
Last week, when it reported that malware was identified on a number of employee computers, Facebook revealed that it wasn’t the only target of the sophisticated attack, but it didn’t provide any names. It appears another one of the victims is Apple. The company reported that a limited number of Mac computers had been infected with a piece of malware pushed via a Java vulnerability. The threats have been neutralized and, for the time being, Apple hasn’t found any evidence to suggest that the attackers have managed to exfiltrate any data.
According to Bloomberg, the recent Twitter hack is part of the same cybercriminal campaign. Furthermore, the publication reports that the attackers are most likely not from China as initially believed, but from Eastern Europe or Russia.
The criminal organization’s main goal appears to be the theft of trade secrets.
Based on the malware used in the attacks, sources close to the investigation have told Bloomberg that one of the servers utilized by the cybercriminals is hosted by a company in Ukraine. Evidence suggests that China is not involved in the incidents.
A few days ago, Facebook revealed that the malware was installed onto their computers via a Java exploit hosted on a developer website.
All Things D reports that the watering hole where the attack took place could be a website called iPhoneDevSDK, which is mainly visited by users from India, the United States and China.
However, the site’s representatives have highlighted that, although Facebook said in its initial report that it had contacted the compromised companies, they were contacted neither by the social media firm nor by the law enforcement agencies investigating the breaches.
Twitter, Facebook and Apple appear to be the only ones who admitted falling victim to hackers, but Reuters cites unnamed individuals close to the investigation who say that hundreds of other organizations could be affected, including defense contractors.