The hackers who hit RSA also attempted to hack over 760 other organisations, including almost 20 per cent of the current Fortune 100, a report has indicated.
RSA revealed in March it was hit by an advanced persistent threat (APT) , compromising details of its SecureID token offering and potentially placing its customers in danger.
Security experts had claimed the RSA attackers would have gone after a host of other firms. Now the Krebs on Security blog has revealed the extent of how many were hit.
Following the RSA breach, security experts were summoned to US Congress to discuss APTs and it was there a list of targeted companies was shared.
The listed firms had networks that were communicating with the same command and control (C&C) infrastructure used in the RSA hack. There were more than 300 C&Cs used in the attacks, the majority of which were located in China.
Security expert Brian Krebs said there were a number of caveats with the list, however.
"First, many of the network owners listed are internet service providers, and are likely included because some of their subscribers were hit," he wrote.
"Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organiaations (there are several anti-virus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks."
Amongst the companies listed were Amazon, BT, Cisco, CSC, eBay, EMC, Facebook, Fortinet, Google, HP, IBM, Juniper Networks, McAfee, Microsoft, Motorola, Nokia, Virgin Media, Orange, PwC, Qualcomm, Sky, Vodafone, Websense and Yahoo.
Earlier this month, RSA executives revealed the company had been targeted by two hacking groups. They said the groups were most likely funded by a nation state, yet they could not reveal which one.
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
RSAC in focus: Key takeaways for CISOsThe RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and securityExperts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurityAI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurityExperts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
