The Google-China case in questions

Google-China cyber espionage saga - FAQ
ZDNet Zero Day

Very interesting. Just two questions:

Q: How did the attack take place?

Through a combination of spear-phishing (targeted attack), and a zero day flaw (CVE-2010-0249) affecting Microsoft’s Internet Explorer (see which versions and which platforms are affected).

Microsoft is currently working on an emergency patch, given the fact that the exploit code used in the attack is now publicly available, with the governments of Germany and France urging users to stop using Internet Explorer.

Not only did the targeted malware attack manage to bypass the malware/spam filters of the organizations (Phishing experiment sneaks through all anti-spam filters; New study details the dynamics of successful phishing), but it also managed to successfully exploit hosts within the working environment, which allowed the attackers to steal intellectual property from Google.

Upon the successful exploitation of these hosts, the attackers relied on the Hydraq trojan in order to facilitate the theft of intellectual property (Trojan.Hydraq Exposed; Trojan.Hydraq - Part II), and continue maintaining access to the affected hosts.


Q: Which companies were affected in the targeted malware attacks?

According to the initial post confirming the targeted malware attacks, Google stated that “at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted.”

On the same day, actual details on who’s been targeted started to emerge, prompted by Google’s decision to go public with the incident in the first place, with Adobe being the first company to confirm the “corporate network security issue”, later on denying the initial allegations that the attacks took place through a zero day flaw in Adobe’s Reader.

According to public reports, the number of affected companies increased to 34, including Yahoo, Symantec, Northrop Grumman and Dow Chemical. Of those, only Yahoo, Juniper Networks and Symantec provided details that they’re currently investigating possible security incidents, without actually confirming that their networks may have been successfully compromised in the attacks.

A day after Google’s announcement of the incident, the law firm Gipson, Hoffman and Pancione, which represents CYBERsitter in a $2.2 billion lawsuit against China for pirating source code and using it in Green Dam, a content filtering / censorship program, reported that “it has suffered cyber attacks originating from China”.