Eastern European Hackers Reportedly Linked to Malware Attack on Apple

Earlier today Apple revealed it had fallen victim to a malware attack where some of its computers were breached but no information was stolen. The hackers were linked to the same group that targeted Facebook last week and were able to do so via an exploit in the Java web browser plugin, which today was sealed via a software update.

AllThingsD reports the site responsible for the recent string of tech company hacks is called iPhoneDevSDK (don’t visit the site by the way):

After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plug-in to infect employee laptops, as the company divulged last Friday.

Bloomberg now reports this developer website has targeted at least 40 companies including Apple, Facebook and Twitter and has ties to Eastern European hackers according to its sources familiar on the matter, based on investigations by the FBI and Secret Service:

At least 40 companies including Apple Inc., Facebook Inc. and Twitter Inc. were targeted in malware attacks linked to an Eastern European gang of hackers that is trying steal company secrets, two people familiar with the matter said.

The sources also note Apple was the first company to discover the attack; the hackers appeared to be keen on stealing company secrets, research and intellectual property documents to sell in the underground marketplace. People familiar with the investigation allege the hackers are a crime syndicate based in Russia or Eastern Europe, with at least one hacker server tracked to a hosting company in the Ukraine.

Hackers took over iphonedevsdk.com, then used the Java browser security flaw to implant malware. RSA Security called the technique a “waterhole” attack, as victims are lured to the infection source, similar to a waterhole in a savanna. The malware used to hack these tech companies makes it appear to be the work of cyber criminals rather than government sponsored attacks from China, the sources note.