RSA: 'Nation state' behind cyberattacks


A prominent US-based security firm has disclosed that two groups working for a nation state may have been the culprits behind a hacking attack that stole data on its SecurID authentication products earlier this year.

RSA executive chairman Art Coviello made the disclosure at the RSA Security Conference in London, computer security firm Sophos disclosed.

"There were two individual groups from one nation state, one supporting the other. One was very visible and one less so. We've not attributed it to a particular nation state although we're very confident that with the skill, sophistication and resources involved it could only have been a nation state," Sophos quoted Coviello as saying in a blog post.

But he did not name the country involved, Sophos said.

RSA admitted the breach last March, with Coviello saying the attack was in the category of an advanced persistent threat (APT), but there is no evidence that customer security related to other RSA products has been affected.

"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello said in an open letter to customers.

On the other hand, Sophos said the server breach subsequently led to another attack against a leading US military contractor.

Sophos noted RSA was struck by a targeted malware attack, emailed to a small number of their employees. Attached to the email was a file, "2011 Recruitment plan.xls," that tricked users into opening the attachment. At least one of them fell for the trap.

The Excel spreadsheet contained a malicious Flash payload that exploited an Adobe zero-day vulnerability that then downloaded a remote access Trojan horse, "Poison Ivy."

Once the Trojan horse was in place, the hackers could begin to steal information and inveigle their way into RSA's network infrastructure. — TJD, GMA News