Hackers got away with a list of applications and programs installed on the standard JPMorgan computers

Oct 6, 2014 09:44 GMT

The hackers responsible for the JPMorgan Chase cyber-attack also penetrated the computer systems of nine other financial institutions, and are now thought to be operating from Russia and to have some connections with officials of the Russian government.

The investigation has found that data on 76 million households and seven million small businesses was exposed during the incident. The details included names, addresses, phone numbers, and email addresses.

Over 90 servers of the bank were affected

According to a new report published by the New York Times on Friday, there is no public information on whether the attacks on the other targets, whose identity remains undisclosed, were as deep as in the case of JPMorgan.

Details about the matter revealed by the publication include the fact that the hackers gained administrative privileges for more than 90 servers of the bank, and that, in the case of some customers, critical information about the nature of the account, such as private banking mortgage use, was available.

The intruders did not reach databases with financial information leading to compromising customer funds, but many believe that this data would have been accessed if the attack had gone undetected for longer.

List of applications and programs on JPMorgan computers was stolen

The New York Times learned that, apart from personal customer information, the perpetrators were also able to exfiltrate a file containing a list of every application and program available on standard JPMorgan computers.

Making the necessary changes before the attackers discover vulnerabilities that can be exploited is a pretty tight race because the operation is both expensive and time-consuming.

Details about the internal computer infrastructure of a major US bank are serious information. “This is a great threat to JP, as the attackers now have more details on how to target and further breach their network,” Aviv Raff, CTO at security company Seculert, said via email.

“JPMorgan has historically been a poster child for spending 'whatever it takes' on security for both technology and people. If they can spend all of that money and effort yet still sustain this kind of breach, then we have to conclude that no one is safe,” he added.

He believes that enterprises should focus on solutions designed to detect the attack, “instead of just attempting to prevent one from happening,” since malicious actors could devise methods for bypassing new security measures; but learning about an intrusion as it happens can prevent attackers from reaching highly restricted areas.

Government-supported Russian hackers were suspected early on

From an early stage of the JPMorgan cyber-attack investigation, there was information that the hackers responsible for the incident also aimed at other financial institutions.

Sources more familiar with the matter also said at the time that there was reason to believe that a foreign government was behind the attack, Russia being suspected because it faced sanctions from the West over the conflict in Ukraine.

However, this has not been fully confirmed, and one official has told the New York Times that caution is advisable before leaping to conclusions about the identity of the intruders and their motives, because errors have been made in the past.