Investigators say the surge of malware attacks on U.S. companies may be coming from Eastern European cybercriminals rather than from Chinese state-sponsored espionage.
While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.
Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.
The evidence pointing to Eastern Europe is the type of malware used by the hackers, which is more typical of criminal groups than of government espionage operations. Investigators have also traced at least one server used by the hackers to a Ukrainian hosting company. Neither indicator is conclusive on its own: criminal tooling can be borrowed as cover, and a rented server in Ukraine says little about who rented it.
Roughly 40 companies have been victims of cyberattacks over the past several months. These companies included tech businesses, such as Apple, Facebook, and Twitter, and newspapers, such as The New York Times, the Wall Street Journal, and the Associated Press.
Apple announced today that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said it discovered malware that exploited a vulnerability in the Java browser plug-in and was delivered from a website for software developers. Late last month Apple used its XProtect antimalware tool to block the Java plug-in on some of its Macs, citing security vulnerabilities.
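The XProtect block mentioned above works on plug-in version numbers: XProtect.meta.plist carries a PlugInBlacklist with a MinimumPlugInBundleVersion per plug-in bundle ID, and Safari refuses to load a plug-in whose CFBundleVersion is below that minimum. The following Python is an added example, not code from the article, Apple or Bloomberg; the plist layout, the bundle ID com.oracle.java.JavaAppletPlugin and the file path in the docstring come from this editor's own notes on 10.8-era systems, and the sample plist and version strings are constructed for the demonstration rather than the values Apple shipped.

```python
"""Decide whether an installed Java applet plug-in falls under XProtect's plug-in block.

Added example, not from the article. On 10.8-era Macs the blocklist lives in
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist;
the installed plug-in's CFBundleVersion is in
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Info.plist.
"""
import plistlib

# Constructed sample that mirrors the PlugInBlacklist layout of XProtect.meta.plist.
# The minimum version is illustrative, not the value Apple actually pushed.
SAMPLE_XPROTECT_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PlugInBlacklist</key>
  <dict>
    <key>10</key>
    <dict>
      <key>com.oracle.java.JavaAppletPlugin</key>
      <dict>
        <key>MinimumPlugInBundleVersion</key>
        <string>1.7.11.22</string>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

JAVA_PLUGIN_ID = "com.oracle.java.JavaAppletPlugin"


def version_tuple(version):
    """Turn '1.7.11.22' into a tuple of ints; non-numeric components count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def compare_versions(a, b):
    """Return -1, 0 or 1 comparing dotted versions; the shorter one is zero-padded."""
    ta, tb = version_tuple(a), version_tuple(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def minimum_allowed_version(meta_plist_bytes, bundle_id=JAVA_PLUGIN_ID):
    """Return the strictest MinimumPlugInBundleVersion listed for bundle_id, or None.

    PlugInBlacklist is keyed by a grouping key (the "10" above); every group is
    scanned so the check does not depend on which group the entry sits in.
    """
    meta = plistlib.loads(meta_plist_bytes)
    minimum = None
    for group in meta.get("PlugInBlacklist", {}).values():
        entry = group.get(bundle_id)
        if not entry or "MinimumPlugInBundleVersion" not in entry:
            continue
        candidate = entry["MinimumPlugInBundleVersion"]
        if minimum is None or compare_versions(candidate, minimum) > 0:
            minimum = candidate
    return minimum


def plugin_blocked(meta_plist_bytes, installed_version, bundle_id=JAVA_PLUGIN_ID):
    """True if XProtect would refuse to load this plug-in version (installed < minimum)."""
    minimum = minimum_allowed_version(meta_plist_bytes, bundle_id)
    if minimum is None:
        return False
    return compare_versions(installed_version, minimum) < 0


if __name__ == "__main__":
    for v in ("1.7.10.19", "1.7.11.22", "1.7.13.20"):
        state = "blocked" if plugin_blocked(SAMPLE_XPROTECT_META, v) else "allowed"
        print(v, state)
```

To run the check against a real machine, read the two plist files named in the docstring and pass the meta file's bytes and the plug-in's CFBundleVersion string to plugin_blocked; an installed version at or above the minimum is allowed, anything below it is what Apple's January block took out of Safari.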
A report by The New York Times yesterday claimed that an "overwhelming percentage" of the cyberattacks on U.S. corporations, government agencies, and organizations came from an office building in Shanghai with ties to the People's Liberation Army. Chinese authorities have flatly denied the allegations, which remain unconfirmed.
The intrusion at The New York Times itself lasted months and included the theft of Times employees' corporate passwords as well as surveillance of personal computers. The attacks on Facebook, Twitter, and Apple differed: reportedly only a small number of systems were infected, and the attackers got in through the Java plug-in vulnerability.
This isn't the first warning about cybercriminals operating out of Eastern Europe. Security firm McAfee Labs published a report in December that warned of increasing attacks on U.S. financial institutions by Eastern European hackers. In the campaign, dubbed Project Blitzkrieg, McAfee said attackers would use a highly developed Trojan to infect victims' computers, install additional software, and steal information and money.