The hackers who hit RSA also attempted to hack over 760 other organisations, including almost 20 per cent of the current Fortune 100, a report has indicated.
RSA revealed in March it was hit by an advanced persistent threat (APT) , compromising details of its SecureID token offering and potentially placing its customers in danger.
Security experts had claimed the RSA attackers would have gone after a host of other firms. Now the Krebs on Security blog has revealed the extent of how many were hit.
Following the RSA breach, security experts were summoned to US Congress to discuss APTs and it was there a list of targeted companies was shared.
The listed firms had networks that were communicating with the same command and control (C&C) infrastructure used in the RSA hack. There were more than 300 C&Cs used in the attacks, the majority of which were located in China.
Security expert Brian Krebs said there were a number of caveats with the list, however.
"First, many of the network owners listed are internet service providers, and are likely included because some of their subscribers were hit," he wrote.
"Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organiaations (there are several anti-virus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks."
Amongst the companies listed were Amazon, BT, Cisco, CSC, eBay, EMC, Facebook, Fortinet, Google, HP, IBM, Juniper Networks, McAfee, Microsoft, Motorola, Nokia, Virgin Media, Orange, PwC, Qualcomm, Sky, Vodafone, Websense and Yahoo.
Earlier this month, RSA executives revealed the company had been targeted by two hacking groups. They said the groups were most likely funded by a nation state, yet they could not reveal which one.
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
What to look out for at RSAC Conference 2025Analysis Convincing attendees that AI can revolutionize security will be the first point of order at next week’s RSA Conference – but traditional threats will be a constant undercurrent
-
'You need your own bots' to wage war against rogue AI, warns Varonis VPNews Infosec pros are urged to get serious about data access control and automation to thwart AI breaches
-
CrowdStrike CEO: Embrace AI or be crushed by cyber crooksNews Exec urges infosec bods to adopt next-gen SIEM driven by AI – or risk being outpaced by criminals
-
Microsoft security boss warns AI insecurity 'unprecedented' as tech goes mainstreamNews RSA keynote paints a terrifying picture of billion-plus GenAI users facing innovative criminal tactics
-
APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source componentsNEWS Apps and APIs bear the brunt as threat actors pivot to living off the land
-
AI is changing the game when it comes to cyber securityNews With AI becoming more of an everyday reality, innovative strategies are needed to counter increasingly sophisticated threats
-
RSAC Chairman urges collaboration to ensure collective defense in securityNews Chairman emphasizes the critical need for cooperation among cyber security experts
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
