The sophisticated cyberattack on security firm RSA in March had a massive ripple effect, felt by the 40 million employees of major corporations and organizations who use the company's SecurID tokens to authenticate their identities when logging into virtual private computer networks and other sensitive systems. Experts suspected that RSA wasn't the only target of the attack, but until now, nobody was willing to come forward and name the other companies that may have been hit.
On his Krebs on Security blog, intrepid researcher and reporter Brian Krebs has published a list of more than 760 companies whose networks were compromised with some of the same resources used in the RSA attack. The list is exhaustive, and includes heavy-hitting companies such as Google, Amazon, Comcast, Nokia Internet, Motorola, Inc., Microsoft Corp, Fannie Mae, Facebook, Yahoo, Verizon Online LLC, Unisys Corporation, Northrop Grumman, PriceWaterhouseCoopers LLP, Research in Motion Limited, Sprint and Wells Fargo. Nearly 20 percent of the current Fortune 100 companies are represented on the list.
Krebs analyzed the location of 338 command and control networks used in the attacks, and found that 299 of them were located in China. This supports the general assumption that hackers backed by the Chinese government launched the attack on RSA.
In addition to the telecommunications targets, the hackers also went after several educational institutions, including the University of Michigan, University of Pittsburgh, University of California, Santa Cruz and the University of Virginia.
Krebs wrote that he is not at liberty to identify the source of his data, and he made clear that he does not know how many systems in each company on the list were compromised, "for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims." He also explained that many of the anti-virus firms on the list are there because they intentionally let certain servers be hacked in order to reverse-engineer the malware used in the attacks.