RSA the victim of "an extremely sophisticated cyber attack"

[diogen]

Forget about HBGary.
RSA, the security arm of EMC, got hacked.
Expect the "bastards China hackers" topic to return.

I must have missed the memo about an open season on security companies...

Diogen.

 

[diogen]

A follow-up on the hack
RSA says hack won't allow "direct attack" on SecureID tokens

Diogen.

 

[Frank Jr.]

"The hackers—widely presumed to be working for the Chinese government." Damn.

 

[diogen]

Some more details about the hack
https://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111

The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees...
The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached excel file....
The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability...
The attacker first harvested access credentials from the compromised users... performed privilege escalation on non-administrative users...
The attacker then used FTP to transfer many password protected RAR files from the RSA file server to an outside staging server...
The files were subsequently pulled by the attacker and removed from the external compromised host to remove any traces of the attack...

It does remind the Google hack (targeting small groups) and certainly wasn't done by script kids.

Still no word on what was stolen and how badly is the system compromised...

If anything, these high profile hacks confirm the scientific nature of statistics: target enough people and you will find a dummy that will help in your quest.

Also, those reports are most likely top of an iceberg: there are more companies that were hacked but are mum on that.

Diogen.