RSA attackers targeted ‘760 other organisations’

Hackers

The hackers who hit RSA also attempted to hack over 760 other organisations, including almost 20 per cent of the current Fortune 100, a report has indicated.

RSA revealed in March it was hit by an advanced persistent threat (APT) , compromising details of its SecureID token offering and potentially placing its customers in danger.

Security experts had claimed the RSA attackers would have gone after a host of other firms. Now the Krebs on Security blog has revealed the extent of how many were hit.

Following the RSA breach, security experts were summoned to US Congress to discuss APTs and it was there a list of targeted companies was shared.

The listed firms had networks that were communicating with the same command and control (C&C) infrastructure used in the RSA hack. There were more than 300 C&Cs used in the attacks, the majority of which were located in China.

Security expert Brian Krebs said there were a number of caveats with the list, however.

"First, many of the network owners listed are internet service providers, and are likely included because some of their subscribers were hit," he wrote.

"Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organiaations (there are several anti-virus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks."

Amongst the companies listed were Amazon, BT, Cisco, CSC, eBay, EMC, Facebook, Fortinet, Google, HP, IBM, Juniper Networks, McAfee, Microsoft, Motorola, Nokia, Virgin Media, Orange, PwC, Qualcomm, Sky, Vodafone, Websense and Yahoo.

Earlier this month, RSA executives revealed the company had been targeted by two hacking groups. They said the groups were most likely funded by a nation state, yet they could not reveal which one.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.